CORS Configuration
Cross-Origin Resource Sharing (CORS) is an HTTP header-based mechanism that allows restricted resources on a web page to be accessed from another domain outside the domain from which the resource was served.
While HTTPS and CORS can be set directly on the web service, we strongly recommend running a reverse proxy server in front and move configuration to it instead. Both mentioned variants of the Web Service infrastructure setup are considered in detail on the Security page.
To set up the CORS, use:
config.yaml
service:
cors:
origins: "*"
headers: "Content-Type"
methods: "POST,PUT,GET,DELETE,PATCH,HEAD"
| Parameter | Type | Default | Description |
|---|---|---|---|
origins |
string | — | Origin of requests, allowed to use API. |
headers |
string | "*" |
Headers, allowed to read from the API. Comma-separated values as a single string (for example, "content-type,date"). |
methods |
string | "POST,PUT,GET,DELETE,PATCH,HEAD,OPTIONS" |
Methods, allowed to invoke on the API. Comma-separated values as a single string (for example, "GET,POST,PUT"). |