|
|
@@ -626,10 +626,10 @@ You can tune the middleware behavior using middleware specific configuration par
|
|
626
|
626
|
- "firewall.reverseProxy": Set to "true" when a reverse proxy is used ("")
|
|
627
|
627
|
- "firewall.allowedIpAddresses": List of IP addresses that are allowed to connect ("")
|
|
628
|
628
|
- "cors.allowedOrigins": The origins allowed in the CORS headers ("*")
|
|
629
|
|
-- "cors.allowHeaders": The headers allowed in the CORS request ("Content-Type, X-XSRF-TOKEN, X-Authorization, X-Debug-Info, X-Exception-Name, X-Exception-Message, X-Exception-File")
|
|
|
629
|
+- "cors.allowHeaders": The headers allowed in the CORS request ("Content-Type, X-XSRF-TOKEN, X-Authorization")
|
|
630
|
630
|
- "cors.allowMethods": The methods allowed in the CORS request ("OPTIONS, GET, PUT, POST, DELETE, PATCH")
|
|
631
|
631
|
- "cors.allowCredentials": To allow credentials in the CORS request ("true")
|
|
632
|
|
-- "cors.exposeHeaders": Whitelist headers that browsers are allowed to access ("X-Debug-Info, X-Exception-Name, X-Exception-Message, X-Exception-File")
|
|
|
632
|
+- "cors.exposeHeaders": Whitelist headers that browsers are allowed to access ("")
|
|
633
|
633
|
- "cors.maxAge": The time that the CORS grant is valid in seconds ("1728000")
|
|
634
|
634
|
- "xsrf.excludeMethods": The methods that do not require XSRF protection ("OPTIONS,GET")
|
|
635
|
635
|
- "xsrf.cookieName": The name of the XSRF protection cookie ("XSRF-TOKEN")
|
Maurits van der Schee
3 years ago