CORS
March 5, 2024
ID 201900
Contains the cross-origin resource sharing mechanism settings.
This element is optional.
Path
ServerSettings > CORS
Attributes
This element has no attributes.
Nested elements
This element is a container for the following nested elements:
- AccessControlAllowOrigin
Specifies the list of origins (IP addresses or host names with a protocol) to which an access to the kavhttpd service must be provided.
Possible values:
- IP address or a host name of an origin, including the protocol (http:// or https://), that initiates requests to the kavhttpd service
*This value allows any origin to access the kavhttpd service.
- Empty value
Kaspersky Scan Engine in HTTP mode may receive an HTTP request with the Origin header field which contains the IP address or host name that initiates the request. If the HTTP mode configuration file contains one or more AccessControlAllowOrigin elements, the value of the Origin header field is mapped to the values defined in these elements. The following results are possible:
- The value of the
Originheader field matches at least one of theAccessControlAllowOriginelement valuesIn this case, the value of the
Originheader field will be specified in theAccess-Control-Allow-Originfield of the response header. - No matches
In this case,
Access-Control-Allow-Originwill contain thehttps://scanengine.kaspersky.comvalue. - At least one of the
AccessControlAllowOriginelement contains the*valueIn this case, the
Access-Control-Allow-Originfield of the response header will contain the*value regardless of theOriginheader field value.
If the request does not contain the Origin header field, the kavhttpd service processes it in the standard way.
Example
The following is an example of this element.
<CORS> <AccessControlAllowOrigin>http://example.com</AccessControlAllowOrigin> <AccessControlAllowOrigin>https://www.kaspersky.com</AccessControlAllowOrigin> </CORS> |
