Edit in GitHubLog an issue

CORS headers

Cross-origin resource sharing (CORS) allows you to pass resources that are usually restricted to an outside domain. Refer to MDN's documentation for more information on CORS headers.

To add CORS headers to your mesh, create a CORS object in the responseConfig object, using the following key-value pairs:

  • origin (Required) - the scheme and domain of the resource you want to allow to make a CORS request
  • methods (Required) - the HTTP request methods allowed in the CORS request, such as GET, POST, and OPTIONS
  • allowedHeaders - a string of allowed headers in preflight requests
  • credentials - a boolean value that indicates if credentials can be included in CORS request (default: false)
  • exposedHeaders - a comma-delimited CORS request that contains headers to expose
  • maxAge - the maximum number of seconds the preflight response (the values of the origin and methods headers) can be cached

When specifying a CORS origin, list all applicable origins. Do not enter * for the value, as this will return the request's origin.

The following examples show how to use CORS with a single origin or with multiple origins:

Copied to your clipboard
{
...
"responseConfig": {
"CORS": {
"origin": "https://www.<your-domain>.com",
"methods": [
"GET",
"POST"
],
"maxAge": 60480,
"credentials": true,
"exposedHeaders": [
"Content-Range",
"X-Content-Range"
]
}
}
...
}
  • Privacy
  • Terms of Use
  • Do not sell or share my personal information
  • AdChoices
Copyright © 2024 Adobe. All rights reserved.