From d5f3dd5d98acd63a2647316715a3031a439b918e Mon Sep 17 00:00:00 2001 From: Drew Noel Date: Fri, 11 Nov 2022 01:39:27 -0500 Subject: [PATCH] Add configuration for CORS allowed headers (#21747) This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R Co-authored-by: John Olheiser Co-authored-by: Lunny Xiao --- doc/advanced/config-cheat-sheet.en-us.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/advanced/config-cheat-sheet.en-us.md b/doc/advanced/config-cheat-sheet.en-us.md index b0060e9a..aece6afc 100644 --- a/doc/advanced/config-cheat-sheet.en-us.md +++ b/doc/advanced/config-cheat-sheet.en-us.md @@ -200,6 +200,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a - `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request - `MAX_AGE`: **10m**: max time to cache response - `ALLOW_CREDENTIALS`: **false**: allow request with credentials +- `HEADERS`: **Content-Type,User-Agent**: additional headers that are permitted in requests - `X_FRAME_OPTIONS`: **SAMEORIGIN**: Set the `X-Frame-Options` header value. ## UI (`ui`)