CORS

Easily add Cross-origin resource sharing (CORS) to your API by enabling this plugin.

Configuration

The plain cors config:

"cors": {
    "enabled": true,
    "config": {
        "domains": ["*"],
        "methods": ["GET", "POST"],
        "request_headers": ["X-Custom-Header", "X-Foobar"],
        "exposed_headers": ["X-Something-Special"],
        "options_passthrough": true
    }
}

Configuration	Description
domains	A comma-separated list of allowed domains for the Access-Control-Allow-Origin header. If you wish to allow all origins, add * as a single value to this configuration field.
methods	Value for the Access-Control-Allow-Methods header, expects a comma delimited string (e.g. GET,POST).
request_headers	Value for the Access-Control-Allow-Headers header, expects a comma delimited string (e.g. Origin, Authorization).
exposed_headers	Value for the Access-Control-Expose-Headers header, expects a comma delimited string (e.g. Origin, Authorization). If not specified, no custom headers are exposed.
options_passthrough	Instructs preflight to let other potential next handlers to process the OPTIONS method.