• Public
  • Public/Protected
  • All


  • CorsOptions



Optional credentials

credentials: undefined | false | true

Sets the Access-Control-Allow-Credentials header.

The Access-Control-Allow-Credentials header Indicates whether or not the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Note that simple GET requests are not preflighted, and so if a request is made for a resource with credentials, if this header is not returned with the resource, the response is ignored by the browser and not returned to web content.

Optional headers

headers: string[]

Sets the Access-Control-Allow-Headers header.

The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.

Optional maxAge

maxAge: undefined | number

Sets the Access-Control-Max-Age header.

The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached. For an example of a preflight request, see the above examples.

Optional methods

methods: string[]

Sets the Access-Control-Allow-Methods header.

The Access-Control-Allow-Methods header specifies the method or methods allowed when accessing the resource. This is used in response to a preflight request. The conditions under which a request is preflighted are discussed above.

Optional origin

origin: undefined | string

Sets the Access-Control-Allow-Origin header.

Access-Control-Allow-Origin specifies either a single origin, which tells browsers to allow that origin to access the resource; or else — for requests without credentials — the "*" wildcard, to tell browsers to allow any origin to access the resource. If omitted, "*"" will be used

Generated using TypeDoc