add cors and responseHeaders

CodeShellDev · CodeShellDev · commit e9090dd99f6f · 2026-03-19T19:43:24.000+01:00
diff --git a/docs/configuration/cors.md b/docs/configuration/cors.md
@@ -0,0 +1,32 @@
+---
+title: CORS
+---
+
+# CORS
+
+Configure CORS headers via the `settings.access.cors` setting.
+
+**Example:**
+
+```yaml
+settings:
+  access:
+    cors:
+      methods: [GET, POST, PUT, PATCH, DELETE, OPTIONS]
+      headers:
+        ["Content-Type", "Authorization", "Accept", "Accept-Language", "Origin"]
+        origins:
+          - url: "https://domain.com"
+          - url: "https://example.com/path"
+            methods: [GET]
+            headers: ["Content-Type"]
+```
+
+> [!NOTE]
+> The `Access-Control-Allow-Credentials` header is automatically set to `true`
+
+**Defaults** can be set under `cors.methods` and `cors.headers`, when adding origins under `cors.origins` **overwrites** can be defined
+under `methods` and `headers` like in the example above.
+
+> [!IMPORTANT]
+> The `cors.methods` setting maps to `Access-Control-Allow-Methods` and `cors.headers` to `Access-Control-Allow-Headers`
diff --git a/docs/configuration/examples/config.yml b/docs/configuration/examples/config.yml
@@ -17,6 +17,10 @@ api:
         methods: [body, query]
 
 settings:
+  http:
+    responseHeaders:
+      X-Custom: "xyz"
+
   message:
     templating:
       messageTemplate: |
@@ -69,3 +73,11 @@ settings:
         - value: "+12340000[4-9]"
           matchType: regex
           action: block
+
+    cors:
+      methods: [GET, POST]
+      headers: ["Content-Type", "Accept-Language"]
+      origins:
+        - url: "https://domain.com"
+          methods: [GET]
+          headers: ["Content-Type"]
diff --git a/docs/configuration/examples/token.yml b/docs/configuration/examples/token.yml
@@ -11,6 +11,10 @@ api:
     methods: [bearer, basic, body, path] # add path auth
 
 settings:
+  http:
+    responseHeaders: # overwrite response headers
+      X-Custom: "Lorem Ipsum Dolor"
+
   message:
     template: # disable
     variables: # overwrite main config variables
@@ -39,3 +43,5 @@ settings:
       period: 10h # overwrite main config period
 
     fieldPolicies: # disable
+
+    cors: # disable
diff --git a/docs/configuration/http.md b/docs/configuration/http.md
@@ -0,0 +1,19 @@
+---
+title: HTTP
+---
+
+# HTTP
+
+The `settings.http` setting is used for configuring various http-specific features.
+
+**Example:**
+
+```yaml
+settings:
+  responseHeaders:
+    X-Custom-Header: "xyz"
+```
+
+## `responseHeaders`
+
+Used for setting custom response headers.
