*/
    public static CrawlerStatsHelper getCrawlerStatsHelper() {
        return getComponent(CRAWLER_STATS_HELPER);
    }

    /**
     * Gets the CORS handler factory component.
     * @return The CORS handler factory.
     */
    public static CorsHandlerFactory getCorsHandlerFactory() {
        return getComponent(CORS_HANDLER_FACTORY);
    }

    /**

# Allowed origins for CORS.
api.cors.allow.origin=*
# Allowed HTTP methods for CORS.
api.cors.allow.methods=GET, POST, OPTIONS, DELETE, PUT
# Max age for CORS preflight requests.
api.cors.max.age=3600
# Allowed headers for CORS.
api.cors.allow.headers=Origin, Content-Type, Accept, Authorization, X-Requested-With
# Whether to allow credentials for CORS.
api.cors.allow.credentials=true

    /** The key of the configuration. e.g. * */
    String API_CORS_ALLOW_ORIGIN = "api.cors.allow.origin";

    /** The key of the configuration. e.g. GET, POST, OPTIONS, DELETE, PUT */
    String API_CORS_ALLOW_METHODS = "api.cors.allow.methods";

    /** The key of the configuration. e.g. 3600 */
    String API_CORS_MAX_AGE = "api.cors.max.age";

	"http://dbflute.org/meta/lastadi10.dtd">
<components>
	<component name="searchEngineClient" class="org.codelibs.fess.opensearch.client.SearchEngineClient">
		<property name="settings">
			{"http.cors.enabled":"true",
			 "http.cors.allow-origin":"*",
			 "discovery.type":"single-node",
			 "cluster.allocator.existing_shards_allocator.batch_enabled":"true",
			 <!--
			 "node.name":"search_engine",

of `text/plain` containing JSON data would be accepted and the JSON data would be extracted.

But requests with content type `text/plain` are exempt from [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) preflights, for being considered [Simple requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests). So, the browser would execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the...

      - tutorial/security/first-steps.md
      - tutorial/security/get-current-user.md
      - tutorial/security/simple-oauth2.md
      - tutorial/security/oauth2-jwt.md
    - tutorial/middleware.md
    - tutorial/cors.md
    - tutorial/sql-databases.md
    - tutorial/bigger-applications.md
    - tutorial/stream-json-lines.md
    - tutorial/server-sent-events.md
    - tutorial/background-tasks.md
    - tutorial/metadata.md

                This prevents potential cross-site request forgery (CSRF) attacks
                that exploit the browser's ability to send requests without a
                Content-Type header, bypassing CORS preflight checks. In particular
                applicable for apps that need to be run locally (in localhost).

                When `False`, requests without a `Content-Type` header will have