1 package corsx
2
3
4 func HelpMessage() string {
5 return `- CORS_ENABLED: Switch CORS support on (true) or off (false). Default is off (false).
6
7 Example: CORS_ENABLED=true
8
9 - CORS_ALLOWED_ORIGINS: A list of origins (comma separated values) a cross-domain request can be executed from.
10 If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*)
11 to replace 0 or more characters (i.e.: http://*.domain.com). Usage of wildcards implies a small performance penality.
12 Only one wildcard can be used per origin. The default value is *.
13
14 Example: CORS_ALLOWED_ORIGINS=http://*.domain.com,http://*.domain2.com
15
16 - CORS_ALLOWED_METHODS: A list of methods (comma separated values) the client is allowed to use with cross-domain
17 requests. Default value is simple methods (GET and POST).
18
19 Example: CORS_ALLOWED_METHODS=POST,GET,PUT
20
21 - CORS_ALLOWED_CREDENTIALS: Indicates whether the request can include user credentials like cookies, HTTP authentication
22 or client side SSL certificates.
23
24 Default: CORS_ALLOWED_CREDENTIALS=false
25 Example: CORS_ALLOWED_CREDENTIALS=true
26
27 - CORS_DEBUG: Debugging flag adds additional output to debug server side CORS issues.
28
29 Default: CORS_DEBUG=false
30 Example: CORS_DEBUG=true
31
32 - CORS_MAX_AGE: Indicates how long (in seconds) the results of a preflight request can be cached. The default is 0
33 which stands for no max age.
34
35 Default: CORS_MAX_AGE=0
36 Example: CORS_MAX_AGE=10
37
38 - CORS_ALLOWED_HEADERS: A list of non simple headers (comma separated values) the client is allowed to use with
39 cross-domain requests.
40
41 - CORS_EXPOSED_HEADERS: Indicates which headers (comma separated values) are safe to expose to the API of a
42 CORS API specification.`
43 }
44
View as plain text