CORSNonWildcardRequestHeadersSupport

2025-05-09

CORS non-wildcard request header support enabled

Supported versions

On Windows and macOS since 97 or later

Description

This policy lets you configure support of CORS non-wildcard request headers.

Microsoft Edge version 97 introduces support for CORS non-wildcard request headers. When a script makes a cross-origin network request via fetch() and XMLHttpRequest with a script-added Authorization header, the header must be explicitly allowed by the Access-Control-Allow-Headers header in the CORS preflight response. "Explicitly" here means that the wild card symbol "*" doesn't cover the Authorization header. See https://go.microsoft.com/fwlink/?linkid=2180022 for more detail.

If you enable or don't configure the policy, Microsoft Edge will support the CORS non-wildcard request headers and behave as previously described.

If you disable this policy, Microsoft Edge will allow the wildcard symbol ("*") in the Access-Control-Allow-Headers header in the CORS preflight response to cover the Authorization header.

This policy is a temporary workaround for the new CORS non-wildcard request header feature. It's intended to be removed in the future.

Supported features

Can be mandatory: Yes
Can be recommended: No
Dynamic Policy Refresh: Yes
Per Profile: Yes
Applies to a profile that is signed in with a Microsoft account: Yes

Data type

Boolean

Windows information and settings

Group Policy (ADMX) info

GP unique name: CORSNonWildcardRequestHeadersSupport
GP name: CORS non-wildcard request header support enabled
GP path (Mandatory): Administrative Templates/Microsoft Edge
GP path (Recommended): N/A
GP ADMX file name: MSEdge.admx

Example value

Enabled

Registry settings

Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
Path (Recommended): N/A
Value name: CORSNonWildcardRequestHeadersSupport
Value type: REG_DWORD

Example registry value

0x00000001

Mac information and settings

Preference Key name: CORSNonWildcardRequestHeadersSupport
Example value:

<true/>

Share via