Parameter
|
Value
|
---|---|
cors.allowed.origins
|
Leave empty unless otherwise desired.
|
cors.allowed.methods
|
OPTIONS,GET,POST,HEAD,PUT,DELETE
|
cors.allowed.headers
|
Authorization,appKey,x-thingworx-session,Content-Type,X-Requested-With,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Accept
|
cors.exposed.headers
|
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
|
cors.support.credentials
|
false
|
cors.preflight.maxage
|
10
|
cors.request.decorate
|
true
|
![]() |
The ThingWorx Platform does not set any default values.
|
![]() |
If CSP is enabled, it will be used instead of clickjacking protections.
|