The Require Origin policy is used to enforce that the client is sending an
origin header that matches your allow-list specified in the policy options.
This is useful if you want to stop any browser traffic from different domains.
However, it is important to note that it does not guarantee that traffic is only coming from a browser. Somebody could simulate a browser request from a backend server and set any origin they like.
If the incoming origin is missing, or not allowed - a 400 Forbidden Problem Response will be sent to the client. You can customize the
detail property in the policy options.
The configuration shows how to configure the policy in the 'policies.json' document.
name<string> - The name of your policy instance. This is used as a reference in your routes.
policyType<string> - The identifier of the policy. This is used by the Zuplo UI. Value should be
handler.export<string> - The name of the exported type. Value should be
handler.module<string> - The module containing the policy. Value should be
handler.options<object> - The options for this policy. See Policy Options below.
The options for this policy are specified below. All properties are optional unless specifically marked as required.
origins<string> (Required) -A comma separated string containing valid origins.
failureDetail<string> -TheDefaults to
detailof the HTTP Problem response, if the origin is missing or disallowed.
Using the Policy
Read more about how policies work