CA API Gateway: Process CORS Assertion Accepted Headers
Article ID: 115800
CA Rapid App Security
CA API Gateway
What is the purpose of the "Accepted Headers" tab of the Process CORS assertion?
It is observed that passing headers not in this list are accepted whereas an error would be expected.
The assertion will enforce headers as specified using the “Access-Control-Request-Headers” header during the CORS pre-flight request.
However, in the case of a simple CORS request (as opposed to a complex request, preflight request + actual request) this will not be enforced.