CORS Configuration

# Enables experimental support for Cross Origin Resource Sharing (CORS) filtering in Cloudsoft AMP REST API.
cors.enabled=true

# @see CrossOriginResourceSharingFilter#setAllowOrigins(List<String>)
# Coma separated values list of allowed origins. Access-Control-Allow-Origin header will be returned to client if Origin header in request is matching exactly a value among the list allowed origins.
# If empty or not specified then all origins are allowed. No wildcard allowed origins are supported.
cors.allow.origins=http://host-one.example.com:8080, http://host-two.example.com, https://host-three.example.com

# @see CrossOriginResourceSharingFilter#setAllowHeaders(List<String>)
# Coma separated values list of allowed headers for preflight checks.
#cors.allow.headers=

# @see CrossOriginResourceSharingFilter#setAllowCredentials(boolean)
# The value for the Access-Control-Allow-Credentials header. If false, no header is added.
# If true, the header is added with the value 'true'. False by default.
#cors.allow.credentials=false

# @see CrossOriginResourceSharingFilter#setExposeHeaders(List<String>)
# CSV list of non-simple headers to be exposed via Access-Control-Expose-Headers.
#cors.expose.headers=

# @see CrossOriginResourceSharingFilter#setMaxAge(Integer)
# The value for Access-Control-Max-Age. If -1 then No Access-Control-Max-Age header will be send.
#cors.max.age=-1

# @see CrossOriginResourceSharingFilter#setPreflightErrorStatus(Integer)
# Preflight error response status, default is 200.
cors.preflight.error.status=200

# Do not apply CORS if response is going to be with UNAUTHORIZED status.
#cors.block.if.unauthorized=false