Nav

Applying and Editing a CORS Policy (Nov 2017 and Jul 2017)

Cross-origins HTTP requests (CORS) let you request a resource from a different domain. This policy lets you share APIs across domains.

Applying a CORS Policy

To apply a CORS policy:

  1. Click the version (Nov 2017) or instance (Jul 2017) number of an API.

  2. On the API dashboard, click Policies.

    The list of any applied policies appears.

  3. In Apply New Policy.

  4. In Select Policy, choose Cross-Origin Resource Sharing, and click Configure Policy.

  5. If this is a public resource, click Apply. If not, uncheck Public Resource.

    You can’t specify a new group until you specify the Default group. The Default group is not a fallback in the normal sense of a default. In this case, it is only the first group you configure for CORs.

  6. To make a credentialed request, click Support credentials. For more information, see Mozilla’s Request with credentials article, and specify the group:

    cors support credentials

    This screenshot shows the UI of the Nov 2017 API Manager. Functionally, the Jul 2017 version is the same.

    • For the Default group, in Origins, specify one or more domain names, such as mulesoft.com. Separate multiple names with commas.

    • If needed, change Access Control Max Age to specify how long a preflight request can be cached.

    • In Methods, select Methods to govern with the policy.

    • In Headers, optionally list headers allowed by the API in the client request.

    • In Exposed Headers, optionally list response headers the client can access.

  7. Click Apply.

Editing a CORS Policy

After creating a CORS policy, on the API dashboard, click Actions > Edit to edit the policy.

  1. Change values as needed.

  2. Click Apply.