Merge pull request #123 from ebondu/doc-3297

Adding doc for bug 3297.
2017-05-05 12:54:56 +02:00 · 2017-05-05 12:54:56 +02:00 · c7534eedc8
commit c7534eedc8
parent 5991067ffe 5f090598ea
1 changed files with 7 additions and 0 deletions
--- a/securing_apps/topics/oidc/java/java-adapter-config.adoc
+++ b/securing_apps/topics/oidc/java/java-adapter-config.adoc
@ -17,6 +17,7 @@ This is what one might look like:
  "enable-cors" : true,
  "cors-max-age" : 1000,
  "cors-allowed-methods" : "POST, PUT, DELETE, GET",
+  "cors-exposed-headers" : "WWW-Authenticate, My-custom-exposed-Header",
  "bearer-only" : false,
  "enable-basic-auth" : false,
  "expose-token" : true,
@ -103,6 +104,12 @@ cors-allowed-headers::
  This is _OPTIONAL_.
  If not set, this header is not returned in CORS responses.

+cors-exposed-headers::
+  If CORS is enabled, this sets the value of the `Access-Control-Expose-Headers` header.
+  This should be a comma-separated string.
+  This is _OPTIONAL_.
+  If not set, this header is not returned in CORS responses.
+
 bearer-only::
  This should be set to _true_ for services. If enabled the adapter will not attempt to authenticate users, but only verify bearer tokens.
  This is _OPTIONAL_.