# CORS (Cross-Origin Resource Sharing) { #cors-cross-origin-resource-sharing }

<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS" class="external-link" target="_blank">CORS or "Cross-Origin Resource Sharing"</a> refers to the situations when a frontend running in a browser has JavaScript code that communicates with a backend, and the backend is in a different "origin" than the frontend.

## Origin { #origin }

     * Headers include allowed origin, methods, headers, max age, and credentials setting.
     *
     * @param origin the origin of the request
     * @param request the servlet request
     * @param response the servlet response to add CORS headers to
     */
    @Override
    public void process(final String origin, final ServletRequest request, final ServletResponse response) {

        if (logger.isDebugEnabled()) {
            logger.debug("Loaded {}", origin);
        }
        handerMap.put(origin, handler);
    }

    /**
     * Gets the CORS handler for the specified origin.
     * If no specific handler is found, returns the wildcard handler.
     *
     * @param origin the origin to look up
     * @return the CORS handler for the origin, or null if none found
     */

            corsHandler.process(origin, request, response);

            assertTrue("process should be called for origin: " + origin, processCalled);
            assertEquals(origin, processOrigin);

            List<String> originHeaders = responseHeaders.get("Access-Control-Allow-Origin");
            assertNotNull("Headers should be set for origin: " + origin, originHeaders);

        // Execute
        corsHandlerFactory.add(origin1, handler1);
        corsHandlerFactory.add(origin2, handler2);
        corsHandlerFactory.add(origin3, handler3);

        // Verify
        assertEquals(handler1, corsHandlerFactory.get(origin1));
        assertEquals(handler2, corsHandlerFactory.get(origin2));
        assertEquals(handler3, corsHandlerFactory.get(origin3));
    }

    public void test_get_wildcardOrigin() {

    }

    // Test with different origin formats
    public void test_doFilter_differentOrigins() throws Exception {
        String[] origins = { "http://localhost:8080", "https://example.com", "http://subdomain.example.com", "https://example.com:3000" };

        for (String origin : origins) {
            setUp(); // Reset for each test
            mockRequest.setHeader("Origin", origin);
            mockRequest.setMethod("GET");

cluster_deadline                (duration)  set the deadline for cluster readiness check (default: '10s')
cors_allow_origin               (csv)       set comma separated list of origins allowed for CORS requests (default: '*')
remote_transport_deadline       (duration)  set the deadline for API requests on remote transports while proxying between federated instances e.g. "2h" (default: '2h')

api.dashboard.response.headers=Referrer-Policy:strict-origin-when-cross-origin
# Allowed origins for CORS.
api.cors.allow.origin=*
# Allowed HTTP methods for CORS.
api.cors.allow.methods=GET, POST, OPTIONS, DELETE, PUT
# Max age for CORS preflight requests.
api.cors.max.age=3600
# Allowed headers for CORS.
api.cors.allow.headers=Origin, Content-Type, Accept, Authorization, X-Requested-With

org.tt
org.tw
org.ua
org.ug
org.uk
org.uy
org.uz
org.vc
org.ve
org.vi
org.vn
org.vu
org.ws
org.ye
org.yt
org.za
org.zm
org.zw
organic
origins
oristano.it
orkanger.no
orkdal.no
orland.no
orsites.com
orskog.no
orsta.no
orx.biz
os.hedmark.no
os.hordaland.no
osaka
osaka.jp
osakasayama.osaka.jp

* tip: Consejo (do not translate to "tip")
* check: Revisa (do not translate to "chequea" or "comprobación)
* Cross-Origin Resource Sharing: Cross-Origin Resource Sharing (do not translate to "Compartición de Recursos de Origen Cruzado")
* Release Notes: Release Notes (do not translate to "Notas de la Versión")
* Semantic Versioning: Semantic Versioning (do not translate to "Versionado Semántico")