Contact Us 1-800-596-4880

To Apply and Edit a CORS Policy

Cross-origins HTTP requests (CORS) let you request a resource from a different domain. This policy lets you share APIs across domains.

To apply a CORS policy:

  1. Click the version number of an API.

  2. On the API dashboard, click Policies.

    The list of any applied policies appears.

  3. In Apply New Policy.

  4. In Select Policy, choose Cross-Origin Resource Sharing, and click Configure Policy.

  5. If this is a public resource, click Apply. If not, uncheck Public Resource.

    You can’t specify a new group until you specify the Default group. The Default group is not a fallback in the normal sense of a default. In this case, it is only the first group you configure for CORs.

  6. To make a credentialed request, click Support credentials. For more information, see Mozilla’s Request with credentials article, and specify the group.

    • For the Default group, in Origins, specify one or more domain names, such as mulesoft.com. Separate multiple names with commas.

    • If needed, change Access Control Max Age to specify how long a preflight request can be cached.

    • In Methods, select Methods to govern with the policy.

    • In Headers, optionally list headers allowed by the API in the client request.

    • In Exposed Headers, optionally list response headers the client can access.

  7. Click Apply.

To Edit a CORS Policy

After creating a CORS policy, on the API dashboard, click Actions > Edit to edit the policy.

  1. Change values as needed.

  2. Click Apply.

See Also

  • Firewall Access Reference

  • CORS Reference

  • CORS overview: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Overview

  • Mozilla’s Request with credentials: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials

  • Preflight request: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests