CA API Gateway: Process CORS Assertion Accepted Headers

Document ID : KB000115800
Last Modified Date : 25/09/2018
Show Technical Document Details
What is the purpose of the "Accepted Headers" tab of the Process CORS assertion?
It is observed that passing headers not in this list are accepted whereas an error would be expected.

The assertion will enforce headers as specified using the “Access-Control-Request-Headers” header during the CORS pre-flight request. 

However, in the case of a simple CORS request (as opposed to a complex request, preflight request + actual request) this will not be enforced.