..
    Warning: Do not edit this file. It is automatically generated from the
    software project's code and your changes will be overwritten.

    The tool to generate this file lives in openstack-doc-tools repository.

    Please make any changes needed in the code, then run the
    autogenerate-config-doc tool from the openstack-doc-tools repository, or
    ask for help on the documentation mailing list, IRC channel or meeting.

.. _nova-cors:

.. list-table:: Description of CORS configuration options
   :header-rows: 1
   :class: config-ref-table

   * - Configuration option = Default value
     - Description
   * - **[cors]**
     -
   * - ``allow_credentials`` = ``True``
     - (BoolOpt) Indicate that the actual request can include user credentials
   * - ``allow_headers`` = ``Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma``
     - (ListOpt) Indicate which header field names may be used during the actual request.
   * - ``allow_methods`` = ``GET, POST, PUT, DELETE, OPTIONS``
     - (ListOpt) Indicate which methods can be used during the actual request.
   * - ``allowed_origin`` = ``None``
     - (StrOpt) Indicate whether this resource may be shared with the domain received in the requests "origin" header.
   * - ``expose_headers`` = ``Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma``
     - (ListOpt) Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.
   * - ``max_age`` = ``3600``
     - (IntOpt) Maximum cache age of CORS preflight requests.
   * - **[cors.subdomain]**
     -
   * - ``allow_credentials`` = ``True``
     - (BoolOpt) Indicate that the actual request can include user credentials
   * - ``allow_headers`` = ``Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma``
     - (ListOpt) Indicate which header field names may be used during the actual request.
   * - ``allow_methods`` = ``GET, POST, PUT, DELETE, OPTIONS``
     - (ListOpt) Indicate which methods can be used during the actual request.
   * - ``allowed_origin`` = ``None``
     - (StrOpt) Indicate whether this resource may be shared with the domain received in the requests "origin" header.
   * - ``expose_headers`` = ``Content-Type, Cache-Control, Content-Language, Expires, Last-Modified, Pragma``
     - (ListOpt) Indicate which headers are safe to expose to the API. Defaults to HTTP Simple Headers.
   * - ``max_age`` = ``3600``
     - (IntOpt) Maximum cache age of CORS preflight requests.