summaryrefslogtreecommitdiffstats
path: root/sites
diff options
context:
space:
mode:
authorAlex Pott2016-08-02 10:56:38 (GMT)
committerAlex Pott2016-08-02 10:56:38 (GMT)
commitbc834169f0ffcd4a98038f957ff2d5c3392cf544 (patch)
tree0c9413a4c12d1ac499c5d012ca0777e87aba03a2 /sites
parenta1059ca5080b7990fccaf4b43e7561324b4d5171 (diff)
Issue #1869548 by dawehner, jeqq, dmouse, slasher13, damiankloip, alexpott, nod_, AlxVallejo, chr.fritsch, yanniboi, effulgentsia, dixon_, -enzo-, Wim Leers, Crell, andypost, catch, Damien Tournoud, kim.pepper, linclark: Opt-in CORS support
Diffstat (limited to 'sites')
-rw-r--r--sites/default/default.services.yml19
1 files changed, 19 insertions, 0 deletions
diff --git a/sites/default/default.services.yml b/sites/default/default.services.yml
index 23f6483..e1bbbc7 100644
--- a/sites/default/default.services.yml
+++ b/sites/default/default.services.yml
@@ -153,3 +153,22 @@ parameters:
- sftp
- webcal
- rtsp
+
+ # Configure Cross-Site HTTP requests (CORS).
+ # Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+ # for more information about the topic in general.
+ # Note: By default the configuration is disabled.
+ cors.config:
+ enabled: false
+ # Specify allowed headers, like 'x-allowed-header'.
+ allowedHeaders: []
+ # Specify allowed request methods, specify ['*'] to allow all possible ones.
+ allowedMethods: []
+ # Configure requests allowed from specific origins.
+ allowedOrigins: ['*']
+ # Sets the Access-Control-Expose-Headers header.
+ exposedHeaders: false
+ # Sets the Access-Control-Max-Age header.
+ maxAge: false
+ # Sets the Access-Control-Allow-Credentials header.
+ supportsCredentials: false