You are browsing documentation for an outdated plugin version.
Configuration
This plugin is compatible with DB-less mode.
Compatible protocols
The CORS plugin is compatible with the following protocols:
grpc
, grpcs
, http
, https
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
-
string required
The name of the plugin, in this case
cors
.- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
name
. - If using the KongPlugin object in Kubernetes, the field is
plugin
.
- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
-
string
The name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level
/plugins
endpoint. Not required if using/services/{serviceName|Id}/plugins
. -
string
The name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level
/plugins
endpoint. Not required if using/routes/{routeName|Id}/plugins
. -
boolean default:
true
Whether this plugin will be applied.
-
record required
-
array of type
string
List of allowed domains for the
Access-Control-Allow-Origin
header. If you want to allow all origins, add*
as a single value to this configuration field. The accepted values can either be flat strings or PCRE regexes.
-
array of type
string
Value for the
Access-Control-Allow-Headers
header.
-
array of type
string
Value for the
Access-Control-Expose-Headers
header. If not specified, no custom headers are exposed.
-
array of type
string
default:GET, HEAD, PUT, PATCH, POST, DELETE, OPTIONS, TRACE, CONNECT
Must be one of:GET
,HEAD
,PUT
,PATCH
,POST
,DELETE
,OPTIONS
,TRACE
,CONNECT
‘Value for the
Access-Control-Allow-Methods
header. Available options includeGET
,HEAD
,PUT
,PATCH
,POST
,DELETE
,OPTIONS
,TRACE
,CONNECT
. By default, all options are allowed.’
-
number
Indicates how long the results of the preflight request can be cached, in
seconds
.
-
boolean required default:
false
Flag to determine whether the
Access-Control-Allow-Credentials
header should be sent withtrue
as the value.
-
boolean required default:
false
A boolean value that instructs the plugin to proxy the
OPTIONS
preflight request to the Upstream service.
-