Documentation Home
⤤ Stallion Home
⤤ JavaDoc
Tutorials
Flat-file Website or Blog Javascript Web Application Java Web Application Publishing your site to a server
Reference Guide
Javascript and CSS Asset Bundling Models, Data Access, and Querying SQL Databases RESTful Endpoints Monitoring Templating Users and Authentication Settings and Configuration
Common Tasks
Sending Emails Asynchronous Tasks and Scheduled Tasks Recurring Jobs Fetching External Web Pages Caching Using Date and Time Simple Encryption and Decryption Sanitizing HTML Logging
Minor Features
CORS XSRF Protection Clickjacking Protection Redirects and Rewrites
Warning! This documentation is a work in progress. Expect things to be out of date and not actually work according to instructions.

Cross-origin resource sharing (CORS) Support

By default CORS requests are blocked for all files other than fonts. You can customize this by adding CORS configuration to your cond/stallion.toml file. Here is a full example of such a configuration, with the default settings:

[cors]
allowAll = false # Allow all CORS requests
allowAllForFonts = true # All CORS requests for any file with the extension of a font
originWhitelist = [] # A list of origins to allow
originRegexWhitelist = [] # A list of regular expressions for origins to allow
allowHeaders = ["x-requested-with", "content-type", "accept", "origin", "authorization", "x-csrftoken"] # a list of allowed headers for CORS requests
allowMethods = ["GET", "POST", "DELETE", "PUT", "PATCH", "OPTIONS"] # a list of allowed methods for CORS requests 
preflightMaxAge = 86400 # Seconds allowed from the preflight response to the actual request
© 2024 Stallion Software LLC