Headers
HTTP Response Headers:
Access-Control-Allow Origin
Set by the target origin and lists the allowed requesting origins. If outside of the requesting origins then the response will be empty.
Access-Control-Allow-Credentials
The creds we sent are okay and the requested file is in the body. If the creds are not setup to be passed then the response will be blank. Cannot use this header if Allow-Origin is a wildcard.
Access-Control-Allow-Headers
This is sent back in response to the preflight and informs of the allowed custom headers.
Access-Control-Allow-Methods
This is sent back in response to the preflight and informs of the allowed HTTP request types.
Access-Control-Max-Age
This is sent back in response to the preflight and informs of the cached time to use.
Access-Control-Expose-Headers
This is sent back in response to the preflight and informs of the headers that can be accessed by the browser.
Origin
Contains the protocol, domain, and port of the origin.
Access-Control-Request-Method
Set in the Preflight to list the Method that is to be used in the CORS request.
Access-Control-Request-Headers
Set in the Preflight request and lists the non standard methods that are to be used in the CORS request.
Last updated
Was this helpful?