summaryrefslogtreecommitdiffstats
path: root/sites
diff options
context:
space:
mode:
authorNathaniel Catchpole2016-07-27 21:09:22 (GMT)
committerNathaniel Catchpole2016-07-27 21:09:22 (GMT)
commitf2b7115211842ed460b5451f69989115679bcbfb (patch)
treec54409ef7f6482ac222df2366ebaacb5e8aef49d /sites
parentf8bd3f7db6182655b1d0400843d19867fa124820 (diff)
Issue #1869548 by dawehner, jeqq, dmouse, damiankloip, nod_, AlxVallejo, chr.fritsch, yanniboi, effulgentsia, dixon_, -enzo-, Wim Leers, Crell, Damien Tournoud, andypost, kim.pepper, linclark, catch: Opt-in CORS support
Diffstat (limited to 'sites')
-rw-r--r--sites/default/default.services.yml19
1 files changed, 19 insertions, 0 deletions
diff --git a/sites/default/default.services.yml b/sites/default/default.services.yml
index 23f6483..e1bbbc7 100644
--- a/sites/default/default.services.yml
+++ b/sites/default/default.services.yml
@@ -153,3 +153,22 @@ parameters:
- sftp
- webcal
- rtsp
+
+ # Configure Cross-Site HTTP requests (CORS).
+ # Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+ # for more information about the topic in general.
+ # Note: By default the configuration is disabled.
+ cors.config:
+ enabled: false
+ # Specify allowed headers, like 'x-allowed-header'.
+ allowedHeaders: []
+ # Specify allowed request methods, specify ['*'] to allow all possible ones.
+ allowedMethods: []
+ # Configure requests allowed from specific origins.
+ allowedOrigins: ['*']
+ # Sets the Access-Control-Expose-Headers header.
+ exposedHeaders: false
+ # Sets the Access-Control-Max-Age header.
+ maxAge: false
+ # Sets the Access-Control-Allow-Credentials header.
+ supportsCredentials: false