|
@@ -614,10 +614,10 @@ You can tune the middleware behavior using middleware specific configuration par
|
614
|
614
|
- "firewall.reverseProxy": Set to "true" when a reverse proxy is used ("")
|
615
|
615
|
- "firewall.allowedIpAddresses": List of IP addresses that are allowed to connect ("")
|
616
|
616
|
- "cors.allowedOrigins": The origins allowed in the CORS headers ("*")
|
617
|
|
-- "cors.allowHeaders": The headers allowed in the CORS request ("Content-Type, X-XSRF-TOKEN")
|
|
617
|
+- "cors.allowHeaders": The headers allowed in the CORS request ("Content-Type, X-XSRF-TOKEN, X-Authorization, X-Debug-Info, X-Exception-Name, X-Exception-Message, X-Exception-File")
|
618
|
618
|
- "cors.allowMethods": The methods allowed in the CORS request ("OPTIONS, GET, PUT, POST, DELETE, PATCH")
|
619
|
619
|
- "cors.allowCredentials": To allow credentials in the CORS request ("true")
|
620
|
|
-- "cors.exposeHeaders": Whitelist headers that browsers are allowed to access ("")
|
|
620
|
+- "cors.exposeHeaders": Whitelist headers that browsers are allowed to access ("X-Debug-Info, X-Exception-Name, X-Exception-Message, X-Exception-File")
|
621
|
621
|
- "cors.maxAge": The time that the CORS grant is valid in seconds ("1728000")
|
622
|
622
|
- "xsrf.excludeMethods": The methods that do not require XSRF protection ("OPTIONS,GET")
|
623
|
623
|
- "xsrf.cookieName": The name of the XSRF protection cookie ("XSRF-TOKEN")
|