设置域名HTTP响应头域

请求参数

Header 参数

Authorization

string

必需

该值格式为: Bearer {token},Bearer是固定前缀,token是通过请求签名认证接口获取到的，参考鉴权接口文档

默认值:

Bearer Af8VDldHtQxxxF4n=H8tLRl9Er7WdhaXvWWd/

Content-Type

string

json 类型

必需

默认值:

application/json

Body 参数application/json

domain

string

加速域名名称

必需

enable_cors

boolean

可选

是否启用CORS: true(开启)、false(关闭)

cors_config

object

可选

CORS配置, 如果开启了cors，则此参数cors_config是必传

access_control_allow_origins

object

可选

CORS预检请求中允许访问的源

access_control_allow_headers

object

可选

CORS预检请求中允许的请求头

access_control_allow_methods

object

可选

CORS预检请求中允许的http方法

access_control_expose_headers

object

可选

CORS列出可以暴露给浏览器的header头

access_control_max_age_sec

integer

可选

CORS预检请求的缓存有效时长

security_headers_config

object

安全头

可选

strict_transport_security

object

可选

HSTS，告诉浏览器只能通过 HTTPS 访问当前资源

content_type_options

object

可选

是否尝试MIME类型嗅探

frame_options

object

可选

用于控制页面是否可以被嵌入到、<frame>、<embed> 或 <object> 元素中

xss_orotection

object

可选

xss跨站脚本攻击保护

referrer_policy

object

可选

过滤和控制Referrer的传递方式和内容

content_security_policy

object

可选

csp机制允许哪些外部资源可以加载和执行

custom_headers_config

array [object {2}]

可选

自定义响应头，可填多个

key

string

header头名称

必需

value

string

header头值

必需

remove_headers_config

array [object {1}]

可选

删除响应头,可填多个

key

string

header头名称

必需

示例

{
  "domain": "apitest1.rgslb.link",
  "enable_cors": true,
  "cors_config": {
    "access_control_allow_origins": {
      "type": "*",
      "values": []
    },
    "access_control_allow_headers": {
      "type": "*",
      "values": [
        "host",
        "user-agent"
      ]
    },
    "access_control_allow_methods": {
      "type": "customize",
      "values": [
        "GET",
        "POST"
      ]
    },
    "access_control_expose_headers": {
      "type": "none",
      "values": []
    },
    "access_control_max_age_sec": 604
  },
  "security_headers_config": {
    "strict_transport_security": {
      "enable": true,
      "access_control_max_age_sec": 31536000,
      "preload": true,
      "include_subdomains": false
    },
    "content_type_options": {
      "enable": true
    },
    "frame_options": {
      "enable": true,
      "frame_option": "SAMEORIGIN"
    },
    "xss_orotection": {
      "enable": true,
      "protection": 1,
      "mode_block": true,
      "report_uri": "http://www.baidu.com"
    },
    "referrer_policy": {
      "enable": true,
      "referrer_policy": "no-referrer"
    },
    "content_security_policy": {
      "enable": true,
      "content_security_policy": "default-src"
    }
  },
  "custom_headers_config": [
    {
      "key": "CDN",
      "value": "fusion"
    },
    {
      "key": "test",
      "value": "fusion-test"
    }
  ],
  "remove_headers_config": [
    {
      "key": "date"
    }
  ]
}

示例代码

Shell

JavaScript

Java

Swift

PHP

Python

HTTP

Objective-C

Ruby

OCaml

Dart

curl --location --request POST 'https://ctgcdn.esurfingcloud.com/API/cdn/domain/http/response/headers' \
--header 'Authorization;' \
--header 'Content-Type: application/json' \
--data-raw '{
    "domain": "apitest1.rgslb.link",
    "enable_cors": true,
    "cors_config": {
        "access_control_allow_origins": {
            "type": "*",
            "values": []
        },
        "access_control_allow_headers": {
            "type": "*",
            "values": [
                "host",
                "user-agent"
            ]
        },
        "access_control_allow_methods": {
            "type": "customize",
            "values": [
                "GET",
                "POST"
            ]
        },
        "access_control_expose_headers": {
            "type": "none",
            "values": []
        },
        "access_control_max_age_sec": 604
    },
    "security_headers_config": {
        "strict_transport_security": {
            "enable": true,
            "access_control_max_age_sec": 31536000,
            "preload": true,
            "include_subdomains": false
        },
        "content_type_options": {
            "enable": true
        },
        "frame_options": {
            "enable": true,
            "frame_option": "SAMEORIGIN"
        },
        "xss_orotection": {
            "enable": true,
            "protection": 1,
            "mode_block": true,
            "report_uri": "http://www.baidu.com"
        },
        "referrer_policy": {
            "enable": true,
            "referrer_policy": "no-referrer"
        },
        "content_security_policy": {
            "enable": true,
            "content_security_policy": "default-src"
        }
    },
    "custom_headers_config": [
        {
            "key": "CDN",
            "value": "fusion"
        },
        {
            "key": "test",
            "value": "fusion-test"
        }
    ],
    "remove_headers_config": [
        {
            "key": "date"
        }
    ]
}'

返回响应

🟢200成功

application/json

Body

code

integer

必需

返回状态码,1为成功，其他为失败

message

string

返回信息

必需

data

array [object {3}]

必需

key

string

响应头名称

必需

value

string | integer

响应头值

必需

action

string

可选

remove,删除响应头的时候才返回

domain

string

加速域名

必需

示例

{
  "code": 1,
  "message": "OK",
  "data": [
    {
      "key": "Access-Control-Allow-Origin",
      "value": "*"
    },
    {
      "key": "Access-Control-Allow-Headers",
      "value": "*"
    },
    {
      "key": "Access-Control-Allow-Methods",
      "value": "GET,POST"
    },
    {
      "key": "Access-Control-Max-Age",
      "value": 604
    },
    {
      "key": "CDN",
      "value": "fusion"
    },
    {
      "key": "test",
      "value": "fusion-test"
    },
    {
      "key": "date",
      "action": "remove"
    }
  ],
  "domain": "apitest1.rgslb.link"
}