NpgsqlRest

Appearance

Comments
Written with Claude
IMPORTANT

As you may notice, this page and pretty much the entire website were obviously created with the help of AI. I wonder how you could tell? Was it a big "Written With Claude" badge on every page? I moved it to the top now (with the help of AI of course) to make it even more obvious. There are a few blogposts that were written by me manually, the old-fashioned way, I hope there will be more in the future, and those have a similar "Human Written" badge. This project (not the website), on the other hand, is a very, very different story. It took me more than two years of painstaking and unpaid work in my own free time. A story that, hopefully, I will tell someday. But meanwhile, what would you like me to do? To create a complex documentation website with a bunch of highly technical articles with the help of AI and fake it, to give you an illusion that I also did that manually? Like the half of itnernet is doing at this point? How does that makes any sense? Is that even fair to you? Or maybe to create this website manually, the old-fashioned way, just for you? While working a paid job for a salary, most of you wouldn't even get up in the morning. Would you like me to sing you a song while we're at it? For your personal entertainment? Seriously, get a grip. Do you find this information less valuable because of the way this website was created? I give my best to fix it to keep the information as accurate as possible, and I think it is very accurate at this point. If you find some mistakes, inaccurancies or problems, there is a comment section at the bottom of every page, which I also made with the help of the AI. And I woould very much appreciate if you leave your feedback there. Look, I'm just a guy who likes SQL, that's all. If you don't approve of how this website was constructed and the use of AI tools, I suggest closing this page and never wever coming back. And good riddance. And I would ban your access if I could know how. Thank you for your attention to this matter.

CORS

Cross-Origin Resource Sharing (CORS) configuration for controlling access from different origins.

Overview

json
{
  "Cors": {
    "Enabled": false,
    "AllowedOrigins": [],
    "AllowedMethods": ["*"],
    "AllowedHeaders": ["*"],
    "AllowCredentials": true,
    "PreflightMaxAgeSeconds": 600
  }
}

Settings Reference

SettingTypeDefaultDescription
EnabledboolfalseEnable Cross-Origin Resource Sharing (CORS) support.
AllowedOriginsarray[]List of allowed origins for CORS requests. Empty array allows no origins.
AllowedMethodsarray["*"]List of allowed HTTP methods for CORS requests.
AllowedHeadersarray["*"]List of allowed headers for CORS requests.
AllowCredentialsbooltrueAllow credentials (cookies, authorization headers) in CORS requests.
PreflightMaxAgeSecondsint600Maximum age in seconds for preflight request caching (10 minutes).

Allowed Origins

Specify which origins can make cross-origin requests:

json
{
  "Cors": {
    "Enabled": true,
    "AllowedOrigins": [
      "https://example.com",
      "https://app.example.com"
    ]
  }
}

WARNING

An empty AllowedOrigins array allows no origins. You must specify at least one origin when CORS is enabled.

Allow All Origins

To allow requests from any origin (not recommended for production with credentials):

json
{
  "Cors": {
    "Enabled": true,
    "AllowedOrigins": ["*"],
    "AllowCredentials": false
  }
}

DANGER

Using "*" for origins with AllowCredentials: true is not allowed by browsers and will cause CORS errors.

Allowed Methods

Specify which HTTP methods are permitted:

json
{
  "Cors": {
    "AllowedMethods": ["GET", "POST", "PUT", "DELETE"]
  }
}

Use ["*"] to allow all methods.

Allowed Headers

Specify which request headers are permitted:

json
{
  "Cors": {
    "AllowedHeaders": ["Content-Type", "Authorization", "X-Requested-With"]
  }
}

Use ["*"] to allow all headers.

Credentials

When AllowCredentials is true, the browser includes cookies and authorization headers in cross-origin requests. This requires specific origins (not "*").

Preflight Caching

The PreflightMaxAgeSeconds setting controls how long browsers cache preflight (OPTIONS) request responses. Higher values reduce preflight requests but delay CORS policy changes from taking effect.

Example Configuration

Production configuration with specific origins:

json
{
  "Cors": {
    "Enabled": true,
    "AllowedOrigins": [
      "https://myapp.com",
      "https://admin.myapp.com"
    ],
    "AllowedMethods": ["GET", "POST", "PUT", "DELETE"],
    "AllowedHeaders": ["Content-Type", "Authorization"],
    "AllowCredentials": true,
    "PreflightMaxAgeSeconds": 3600
  }
}

Development configuration allowing all origins:

json
{
  "Cors": {
    "Enabled": true,
    "AllowedOrigins": ["*"],
    "AllowedMethods": ["*"],
    "AllowedHeaders": ["*"],
    "AllowCredentials": false,
    "PreflightMaxAgeSeconds": 600
  }
}

Next Steps

Comments

Released under the MIT License.

Copyright © 2024-2026 VB Consulting