github.com/hellofresh/janus@v0.0.0-20230925145208-ce8de8183c67/docs/plugins/cors.md (about) 1 # CORS 2 3 Easily add Cross-origin resource sharing (CORS) to your API by enabling this plugin. 4 5 ## Configuration 6 7 The plain cors config: 8 9 ```json 10 "cors": { 11 "enabled": true, 12 "config": { 13 "domains": ["*"], 14 "methods": ["GET", "POST"], 15 "request_headers": ["X-Custom-Header", "X-Foobar"], 16 "exposed_headers": ["X-Something-Special"], 17 "options_passthrough": true 18 } 19 } 20 ``` 21 22 | Configuration | Description | 23 |---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 24 | domains | A comma-separated list of allowed domains for the Access-Control-Allow-Origin header. If you wish to allow all origins, add * as a single value to this configuration field. | 25 | methods | Value for the Access-Control-Allow-Methods header, expects a comma delimited string (e.g. GET,POST). | 26 | request_headers | Value for the Access-Control-Allow-Headers header, expects a comma delimited string (e.g. Origin, Authorization). | 27 | exposed_headers | Value for the Access-Control-Expose-Headers header, expects a comma delimited string (e.g. Origin, Authorization). If not specified, no custom headers are exposed. | 28 | options_passthrough | Instructs preflight to let other potential next handlers to process the OPTIONS method. |