CORS
5 March 2024
ID 201900
Contains the cross-origin resource sharing mechanism settings.
This element is optional.
Path
ServerSettings > CORS
Attributes
This element has no attributes.
Nested elements
This element is a container for the following nested elements:
- AccessControlAllowOrigin
Specifies the list of origins (IP addresses or host names with a protocol) to which an access to the kavhttpd service must be provided.
Possible values:
- IP address or a host name of an origin, including the protocol (http:// or https://), that initiates requests to the kavhttpd service
*
This value allows any origin to access the kavhttpd service.
- Empty value
Kaspersky Scan Engine in HTTP mode may receive an HTTP request with the Origin
header field which contains the IP address or host name that initiates the request. If the HTTP mode configuration file contains one or more AccessControlAllowOrigin
elements, the value of the Origin
header field is mapped to the values defined in these elements. The following results are possible:
- The value of the
Origin
header field matches at least one of theAccessControlAllowOrigin
element valuesIn this case, the value of the
Origin
header field will be specified in theAccess-Control-Allow-Origin
field of the response header. - No matches
In this case,
Access-Control-Allow-Origin
will contain thehttps://scanengine.kaspersky.com
value. - At least one of the
AccessControlAllowOrigin
element contains the*
valueIn this case, the
Access-Control-Allow-Origin
field of the response header will contain the*
value regardless of theOrigin
header field value.
If the request does not contain the Origin
header field, the kavhttpd service processes it in the standard way.
Example
The following is an example of this element.
<CORS> <AccessControlAllowOrigin>http://example.com</AccessControlAllowOrigin> <AccessControlAllowOrigin>https://www.kaspersky.com</AccessControlAllowOrigin> </CORS> |