CORS

Contains the cross-origin resource sharing mechanism settings.

This element is optional.

Path

ServerSettings > CORS

Attributes

This element has no attributes.

Nested elements

This element is a container for the following nested elements:

• AccessControlAllowOrigin

  Specifies the list of origins (IP addresses or host names with a protocol) to which an access to the kavhttpd service must be provided.

  Possible values:

  • IP address or a host name of an origin, including the protocol (http:// or https://), that initiates requests to the kavhttpd service
  • *

    This value allows any origin to access the kavhttpd service.

  • Empty value

Kaspersky Scan Engine in HTTP mode may receive an HTTP request with the Origin header field which contains the IP address or host name that initiates the request. If the HTTP mode configuration file contains one or more AccessControlAllowOrigin elements, the value of the Origin header field is mapped to the values defined in these elements. The following results are possible:

• The value of the Origin header field matches at least one of the AccessControlAllowOrigin element values

  In this case, the value of the Origin header field will be specified in the Access-Control-Allow-Origin field of the response header.

• No matches

  In this case, Access-Control-Allow-Origin will contain the https://scanengine.kaspersky.com value.

• At least one of the AccessControlAllowOrigin element contains the * value

  In this case, the Access-Control-Allow-Origin field of the response header will contain the * value regardless of the Origin header field value.

If the request does not contain the Origin header field, the kavhttpd service processes it in the standard way.

Example

The following is an example of this element.

<CORS> <AccessControlAllowOrigin>http://example.com</AccessControlAllowOrigin> <AccessControlAllowOrigin>https://kaspersky.com</AccessControlAllowOrigin> </CORS>

Page top