open fun setAllowedOrigins(allowedOrigins: MutableCollection<String>): Unit
Configure allowed Origin header values. This check is mostly designed for browsers. There is nothing preventing other types of client to modify the Origin header value.
When SockJS is enabled and origins are restricted, transport types that do not allow to check request origin (JSONP and Iframe based transports) are disabled. As a consequence, IE 6 to 9 are not supported when origins are restricted.
Each provided allowed origin must have a scheme, and optionally a port (e.g. "http://example.org", "http://example.org:9090"). An allowed origin string may also be "*" in which case all origins are allowed.
Since
4.1.2
See Also
<a href="https://tools.ietf.org/html/rfc6454">RFC 6454: The Web Origin Concept</a><a href="https://github.com/sockjs/sockjs-client#supported-transports-by-browser-html-served-from-http-or-https">SockJS supported transports by browser</a>