Configure cross-origin resource sharing

You can configure cross-origin resource sharing (CORS), which is a mechanism that uses additional HTTP headers to provide a web application running at one origin to have permission to access selected resources from a server at a different origin.

About this task

CORS is handled by the cors.cfg file located in the working directory. The CORS configuration is open by default, so cross domain access is not restricted.

If no configuration file is present, CORS is open. But if the cors.cfg file is present, then it is used. If the cors.cfg file is empty, you cannot make a CORS request.


  1. Open the cors.cfg file, which is located in the working directory.
  2. Add the desired lines to the file.
    Each line in the CORS configuration file is a regular expression pattern to match. The origin header must match a line in the cors.cfg file. If any line pattern matches the origin header, the request is allowed. The complete origin is compared, not just the host element.
  3. Save the file.


Requests are matched on the host and according to protocol, such as the following:
  • Match localhost with any protocol—*localhost*
  • Match localhost for HTTPS only—https://localhost*