CORS

Configure CORS (Cross-Origin Resource Sharing) for the Serverless API Gateway. Set allowed origins, methods, headers, and preflight cache.

The CORS section defines the CORS policy for your application.

  • allow_origins: Origins that are allowed to make cross-origin requests.

  • allow_methods: HTTP methods that are allowed in cross-origin requests.

  • allow_headers: Headers that are allowed in requests.

  • expose_headers: Headers that are exposed to the client in responses.

  • allow_credentials: Indicates whether requests with credentials are supported.

  • max_age: Specifies how long the result of a preflight request may be cached.

Example

"cors": {
    "allow_origins": [
        "https://example.com",
        "https://example2.com"
    ],
    "allow_methods": [
        "GET",
        "POST",
        "PUT",
        "DELETE"
    ],
    "allow_headers": [
        "Content-Type",
        "Authorization"
    ],
    "expose_headers": [
        "Content-Type",
        "Authorization"
    ],
    "allow_credentials": true,
    "max_age": 86400
}
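An added example, not part of the gateway's documentation or code: a small linter that checks a "cors" section like the one above against browser CORS rules before it is deployed. The severity labels and the extra origins in the sample are constructed for illustration; how the gateway itself validates these values is not specified on this page.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the page's example with three problem origins swapped in.
SAMPLE = json.loads("""{"cors": {
  "allow_origins": ["https://example.com", "http://example2.com",
                    "https://example.com/app", "*"],
  "allow_methods": ["GET", "POST", "PUT", "DELETE"],
  "allow_headers": ["Content-Type", "Authorization"],
  "expose_headers": ["Content-Type", "Authorization"],
  "allow_credentials": true,
  "max_age": 86400}}""")


def lint_cors(config):
    """Return (severity, message) findings for a config's "cors" section."""
    cors = config.get("cors", {})
    creds = cors.get("allow_credentials") is True
    findings = []
    for origin in cors.get("allow_origins", []):
        if origin == "*":
            # Browsers refuse a literal "*" on credentialed requests, so a
            # policy that pairs the two is either broken or relies on echoing
            # the caller's Origin, which trusts every site.
            findings.append(("high" if creds else "info",
                             "wildcard origin" + (" with allow_credentials" if creds else "")))
            continue
        if origin == "null":
            findings.append(("high", "'null' origin is sent by sandboxed documents"))
            continue
        parts = urlsplit(origin)
        if parts.scheme != "https":
            findings.append(("medium", f"{origin}: origin is not https"))
        if not parts.netloc or parts.path or parts.query or parts.fragment:
            findings.append(("low", f"{origin}: not a bare scheme://host[:port] origin"))
    if "Authorization" in cors.get("expose_headers", []):
        findings.append(("info", "expose_headers lets page scripts read Authorization"))
    max_age = cors.get("max_age")
    if max_age is not None and (isinstance(max_age, bool) or not isinstance(max_age, int) or max_age < 0):
        findings.append(("low", "max_age is not a non-negative integer"))
    return findings


if __name__ == "__main__":
    for severity, message in lint_cors(SAMPLE):
        print(f"{severity:6} {message}")
```

Run against the unmodified example from this page, the linter reports only the informational note about Authorization in expose_headers.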

See Also

  • Authorizer -- set up JWT authentication that works alongside your CORS policy.

  • Servers -- define the upstream servers that your CORS-enabled gateway proxies to.

  • Configuration Guide -- full configuration reference including all sections.
