Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
CORS non-wildcard request header support enabled
Supported versions
- On Windows and macOS since 97 or later
Description
This policy lets you configure support of CORS non-wildcard request headers.
Microsoft Edge version 97 introduces support for CORS non-wildcard request headers. When a script makes a cross-origin network request via fetch() and XMLHttpRequest with a script-added Authorization header, the header must be explicitly allowed by the Access-Control-Allow-Headers header in the CORS preflight response. "Explicitly" here means that the wild card symbol "*" doesn't cover the Authorization header. See https://go.microsoft.com/fwlink/?linkid=2180022 for more detail.
If you enable or don't configure the policy, Microsoft Edge will support the CORS non-wildcard request headers and behave as previously described.
If you disable this policy, Microsoft Edge will allow the wildcard symbol ("*") in the Access-Control-Allow-Headers header in the CORS preflight response to cover the Authorization header.
This policy is a temporary workaround for the new CORS non-wildcard request header feature. It's intended to be removed in the future.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: Yes
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Boolean
Windows information and settings
Group Policy (ADMX) info
- GP unique name: CORSNonWildcardRequestHeadersSupport
- GP name: CORS non-wildcard request header support enabled
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Enabled
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: CORSNonWildcardRequestHeadersSupport
- Value type: REG_DWORD
Example registry value
0x00000001
Mac information and settings
- Preference Key name: CORSNonWildcardRequestHeadersSupport
- Example value:
<true/>