Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time



mod_cors support Cross-Origin Resource Sharing

Module configuration



Config Item Description
Basic.DataPath String
Path of rule configuration
Log.OpenDebug Boolean
Debug flag of module


DataPath = mod_cors/

OpenDebug = false

Rule Configuration



Config Item Description
Version String
Version of the config file
Config Object
Trace rules for each product
Config[k] String
Product name
Config[v] Object
A list of cors rules
Config[v][] Object
A cors rule
Config[v][].Cond String
Condition expression, See Condition
Config[v][].AccessControlAllowOrigins List
Indicates whether the response can be shared with requesting code from the given origin; for requests without credentials, the "*" wildcard, to tell browsers to allow any origin to access the resource. "%origin" specifies the origin from the request header "Origin"
Config[v][].AccessControlAllowCredentials Boolean
Indicates whether or not the response to the request can be exposed.
Config[v][].AccessControlExposeHeaders Boolean
Specifies the response headers that browsers are allowed to access.
Config[v][].AccessControlAllowMethods List
Specifies the method or methods allowed when accessing the resource. This is used in response to a preflight request.
Config[v][].AccessControlAllowHeaders List
Indicates which HTTP headers can be used when making the actual request. This is used in response to a preflight request.
Config[v][].AccessControlMaxAge Int
Indicates how long the results of a preflight request can be cached. This is used in response to a preflight request.


    "Version": "",
    "Config": {
        "example_product": [
                 "Cond": "req_host_in(\"\")",
                 "AccessControlAllowOrigins": ["%origin"],
                 "AccessControlAllowCredentials": true,
                 "AccessControlExposeHeaders": ["X-Custom-Header"],
                 "AccessControlAllowMethods": ["HEAD","GET","POST","PUT","DELETE","OPTIONS","PATCH"],
                 "AccessControlAllowHeaders": ["X-Custom-Header"],
                 "AccessControlMaxAge": -1