CORS mechanism

Concept Description

Cross-Origin Resource Sharing (CORS) allows Web servers to perform cross-domain access, enabling browsers to more securely transfer data across domains.

Scenario

When the user needs to send REST requests across the origin webserver, the CORS mechanism may be used. The microservices that receive cross-domain requests need to enable CORS support.

Configuration instructions

The CORS function is configured in the microservice.yaml file. The configuration items are described in the following table.

Configuration Item	Default Value	Range of Value	Required	Meaning
servicecomb.cors.enabled	false	true/false	No	Whether to enable CORS function
servicecomb.cors.origin	*	-	No	Access-Control-Allow-Origin
servicecomb.cors.allowCredentials	false	true/false	No	Access-Control-Allow-Credentials
servicecomb.cors.allowedHeader	None	-	No	Access-Control-Allow-Headers
servicecomb.cors.allowedMethod	None	-	No	Access-Control-Allow-Methods
servicecomb.cors.exposedHeader	None	-	No	Access-Control-Expose-Headers
servicecomb.cors.maxAge	None	(0,2147483647], Integer	No	Access-Control-Max-Age

Sample Code

servicecomb:
  cors:
    enabled: true
    origin: "*"
    allowCredentials: false
    allowedMethod: PUT,DELETE
    maxAge: 3600