github.com/icyphox/x@v0.0.355-0.20220311094250-029bd783e8b8/.schemas/corsx/viper.schema.json (about) 1 { 2 "$id": "https://raw.githubusercontent.com/ory/x/master/.schemas/corsx/viper.schema.json", 3 "$schema": "http://json-schema.org/draft-07/schema#", 4 "title": "Cross Origin Resource Sharing (CORS)", 5 "description": "Configure [Cross Origin Resource Sharing (CORS)](http://www.w3.org/TR/cors/) using the following options.", 6 "type": "object", 7 "properties": { 8 "enabled": { 9 "type": "boolean", 10 "default": false, 11 "title": "Enable CORS", 12 "description": "If set to true, CORS will be enabled and preflight requests (OPTIONS) will be answered." 13 }, 14 "allowed_origins": { 15 "title": "Allowed Origins", 16 "description": "A list of origins a cross-domain request can be executed from. If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*) to replace 0 or more characters (e.g. http://*.domain.com). Usage of wildcards implies a small performance penalty. 
Only one wildcard can be used per origin.", 17 "type": "array", 18 "items": { 19 "type": "string", 20 "minLength": 1 21 }, 22 "default": [ 23 "*" 24 ], 25 "uniqueItems": true, 26 "examples": [ 27 "https://example.com", 28 "https://*.example.com", 29 "https://*.foo.example.com" 30 ] 31 }, 32 "allowed_methods": { 33 "type": "array", 34 "title": "Allowed HTTP Methods", 35 "description": "A list of methods the client is allowed to use with cross-domain requests.", 36 "items": { 37 "type": "string", 38 "enum": [ 39 "GET", 40 "HEAD", 41 "POST", 42 "PUT", 43 "DELETE", 44 "CONNECT", 45 "TRACE", 46 "PATCH" 47 ] 48 }, 49 "uniqueItems": true, 50 "default": [ 51 "GET", 52 "POST", 53 "PUT", 54 "PATCH", 55 "DELETE" 56 ] 57 }, 58 "allowed_headers": { 59 "description": "A list of non-simple headers the client is allowed to use with cross-domain requests.", 60 "title": "Allowed Request HTTP Headers", 61 "type": "array", 62 "items": { 63 "type": "string" 64 }, 65 "minLength": 1, 66 "uniqueItems": true, 67 "default": [ 68 "Authorization", 69 "Content-Type" 70 ] 71 }, 72 "exposed_headers": { 73 "description": "A list of response headers that are safe to expose to the client of a cross-domain request.", 74 "title": "Allowed Response HTTP Headers", 75 "type": "array", 76 "items": { 77 "type": "string" 78 }, 79 "minLength": 1, 80 "uniqueItems": true, 81 "default": [ 82 "Content-Type" 83 ] 84 }, 85 "allow_credentials": { 86 "type": "boolean", 87 "title": "Allow HTTP Credentials", 88 "default": false, 89 "description": "Indicates whether the request can include user credentials like cookies, HTTP authentication or client-side SSL certificates. When this is true, list specific trusted origins in allowed_origins instead of relying on wildcards." 90 }, 91 "max_age": { 92 "type": "number", 93 "default": 0, 94 "title": "Maximum Age", 95 "description": "Indicates how long (in seconds) the results of a preflight request can be cached. 
The default is 0, which stands for no max age."}, 96 "debug": { 97 "type": "boolean", 98 "default": false, 99 "title": "Enable Debugging", 100 "description": "Set to true to debug server-side CORS issues." 101 } 102 }, 103 "additionalProperties": false 104 }