Package :



Table of Contents


CORSPolicy is used to set a Cross-Origin Resource Sharing policy (CORS) for requests matching selected routes. Refer to [this link]( for further details about cross origin resource sharing. CORSPolicies are applied at the Route level.

Field Type Label Description
applyToRoutes [] repeated Select the routes where the policy will be applied. If left empty, will apply to all routes in the workspace.
config The details of the CORS policy to apply to the selected routes.


Field Type Label Description
allowOrigins [] repeated String patterns that match allowed origins. An origin is allowed if any of the string matchers match.
allowMethods []string repeated List of HTTP methods allowed to access the resource. The content will be serialized to the Access-Control-Allow-Methods header.
allowHeaders []string repeated List of HTTP headers that can be used when requesting the resource. Serialized to the Access-Control-Allow-Headers header.
exposeHeaders []string repeated A list of HTTP headers that browsers are allowed to access. Serialized to the Access-Control-Expose-Headers header.
maxAge google.protobuf.Duration Specify how long the results of a preflight request can be cached. Serialized to the Access-Control-Max-Age header.
allowCredentials google.protobuf.BoolValue Indicates whether the caller is allowed to send the actual request (not the preflight) using credentials. Translates to the Access-Control-Allow-Credentials header.


Reflects the status of the CORSPolicy.

Field Type Label Description
workspaces [] repeated The status of the resource in each workspace that it exists in.
selectedRoutes [] repeated Routes selected by the policy


Field Type Label Description
key string