To Apply and Edit a CORS Policy
Cross-origins HTTP requests (CORS) let you request a resource from a different domain. This policy lets you share APIs across domains.
To apply a CORS policy:
-
Click the version number of an API.
-
On the API dashboard, click Policies.
The list of any applied policies appears.
-
In Apply New Policy.
-
In Select Policy, choose Cross-Origin Resource Sharing, and click Configure Policy.
-
If this is a public resource, click Apply. If not, uncheck Public Resource.
You can’t specify a new group until you specify the Default group. The Default group is not a fallback in the normal sense of a default. In this case, it is only the first group you configure for CORs.
-
To make a credentialed request, click Support credentials. For more information, see Mozilla’s Request with credentials article, and specify the group.
-
For the Default group, in Origins, specify one or more domain names, such as mulesoft.com. Separate multiple names with commas.
-
If needed, change Access Control Max Age to specify how long a preflight request can be cached.
-
In Methods, select Methods to govern with the policy.
-
In Headers, optionally list headers allowed by the API in the client request.
-
In Exposed Headers, optionally list response headers the client can access.
-
-
Click Apply.
To Edit a CORS Policy
After creating a CORS policy, on the API dashboard, click Actions > Edit to edit the policy.
-
Change values as needed.
-
Click Apply.
See Also
-
CORS overview:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Overview -
Mozilla’s Request with credentials:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials -
Preflight request:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests