CORS headers
Cross-origin resource sharing (CORS) allows you to pass resources that are usually restricted to an outside domain. Refer to MDN's documentation for more information on CORS headers.
To get CORS response headers when querying your mesh, you must provide an origin
request header with the origin URL as the value. For example, origin: https://<your-domain>.com
.
To add CORS headers to your mesh, create a CORS
object in the responseConfig
object, using the following key-value pairs:
origin
(Required) - the scheme and domain of the resource you want to allow to make a CORS requestmethods
(Required) - the HTTP request methods allowed in the CORS request, such as GET, POST, and OPTIONSallowedHeaders
- a string of allowed headers in preflight requestscredentials
- a boolean value that indicates if credentials can be included in CORS request (default:false
)exposedHeaders
- a comma-delimited CORS request that contains headers to exposemaxAge
- the maximum number of seconds the preflight response (the values of theorigin
andmethods
headers) can be cached
When specifying a CORS origin
, list all applicable origins. Do not enter *
for the value, as this will return the request's origin.
The following examples show how to use CORS with a single origin or with multiple origins:
Single origin
Multiple origins
Copied to your clipboard{..."responseConfig": {"CORS": {"origin": "https://www.<your-domain>.com","methods": ["GET","POST"],"maxAge": 60480,"credentials": true,"exposedHeaders": ["Content-Range","X-Content-Range"]}}...}
Copied to your clipboard{..."responseConfig": {"CORS": {"maxAge": 60480,"methods": ["GET","POST","PUT","HEAD","OPTIONS"],"origin": ["<origin1>", "<origin2>"]}}...}