CORS
Easily add Cross-origin resource sharing (CORS) to your API by enabling this plugin.
Configuration
The plain cors config:
"cors": {
"enabled": true,
"config": {
"domains": ["*"],
"methods": ["GET", "POST"],
"request_headers": ["X-Custom-Header", "X-Foobar"],
"exposed_headers": ["X-Something-Special"],
"options_passthrough": true
}
}
| Configuration | Description |
|---|---|
| domains | A comma-separated list of allowed domains for the Access-Control-Allow-Origin header. If you wish to allow all origins, add * as a single value to this configuration field. |
| methods | Value for the Access-Control-Allow-Methods header, expects a comma delimited string (e.g. GET,POST). |
| request_headers | Value for the Access-Control-Allow-Headers header, expects a comma delimited string (e.g. Origin, Authorization). |
| exposed_headers | Value for the Access-Control-Expose-Headers header, expects a comma delimited string (e.g. Origin, Authorization). If not specified, no custom headers are exposed. |
| options_passthrough | Instructs preflight to let other potential next handlers to process the OPTIONS method. |