Fortinet white logo
Fortinet white logo

Handbook

Configuring a CORS Headers List

Configuring a CORS Headers List

The CORS Headers List specifies the HTTP headers that may be "allowed" or "exposed" in the CORS Protection Rule List. If allowed, FortiADC will use the headers list to verify whether the headers used in the CORS requests are legitimate. If exposed, FortiADC will expose the headers in the headers list in JavaScript and share with foreign applications.

The CORS Headers List can be optional as it is only required if Allowed Headers or Exposed Headers is enabled in the CORS Protection Rule List.

To create and configure the CORS Headers List:
  1. Go to Web Application Firewall > CORS Protection.
  2. Click the CORS Headers tab.
  3. Click Create New to display the configuration editor.
    Configure the following:

    Parameter

    Description

    Name

    Enter a unique CORS Headers name. Valid characters should match regular expression /^[A-Za-z0-9.:_-]*$/. No space is allowed.

    Note: Once saved, the name of a CORS Headers cannot be changed.

  4. Click Save.
    The newly created CORS Headers is listed under the CORS Headers tab.
  5. Locate the newly created CORS Headers on the list and double-click the row or click the (Edit icon).
  6. Under CORS Headers List, click Create New to display the configuration editor.
    Configure the following:

    Parameter

    Description

    Header

    Specify the HTTP header as a string. (Range: 1-63 characters).

  7. Click Save.

Configuring a CORS Headers List

Configuring a CORS Headers List

The CORS Headers List specifies the HTTP headers that may be "allowed" or "exposed" in the CORS Protection Rule List. If allowed, FortiADC will use the headers list to verify whether the headers used in the CORS requests are legitimate. If exposed, FortiADC will expose the headers in the headers list in JavaScript and share with foreign applications.

The CORS Headers List can be optional as it is only required if Allowed Headers or Exposed Headers is enabled in the CORS Protection Rule List.

To create and configure the CORS Headers List:
  1. Go to Web Application Firewall > CORS Protection.
  2. Click the CORS Headers tab.
  3. Click Create New to display the configuration editor.
    Configure the following:

    Parameter

    Description

    Name

    Enter a unique CORS Headers name. Valid characters should match regular expression /^[A-Za-z0-9.:_-]*$/. No space is allowed.

    Note: Once saved, the name of a CORS Headers cannot be changed.

  4. Click Save.
    The newly created CORS Headers is listed under the CORS Headers tab.
  5. Locate the newly created CORS Headers on the list and double-click the row or click the (Edit icon).
  6. Under CORS Headers List, click Create New to display the configuration editor.
    Configure the following:

    Parameter

    Description

    Header

    Specify the HTTP header as a string. (Range: 1-63 characters).

  7. Click Save.