Configuring a CORS Headers List
The CORS Headers List specifies the HTTP headers that may be "allowed" or "exposed" in the CORS Protection Rule List. If allowed, FortiADC will use the headers list to verify whether the headers used in the CORS requests are legitimate. If exposed, FortiADC will expose the headers in the headers list in JavaScript and share with foreign applications.
The CORS Headers List can be optional as it is only required if Allowed Headers or Exposed Headers is enabled in the CORS Protection Rule List.
To create and configure the CORS Headers List:
- Go to Web Application Firewall > CORS Protection.
- Click the CORS Headers tab.
- Click Create New to display the configuration editor.
Configure the following:Parameter
Description
Name Enter a unique CORS Headers name. Valid characters should match regular expression
/^[A-Za-z0-9.:_-]*$/
. No space is allowed.Note: Once saved, the name of a CORS Headers cannot be changed.
- Click Save.
The newly created CORS Headers is listed under the CORS Headers tab. - Locate the newly created CORS Headers on the list and double-click the row or click the (Edit icon).
- Under CORS Headers List, click Create New to display the configuration editor.
Configure the following:Parameter
Description
Header Specify the HTTP header as a string. (Range: 1-63 characters).
- Click Save.