Enabling CORS¶
Enable CORS configuration for API resources¶
You can add CrossOrigin Resource Sharing ( CORS ) configurations for each API (at API level) using the OpenAPI extension x-wso2-cors. The following code snippet depicts the usage of the x-wso2-cors
extension. For more information, see the detailed sample OpenAPI definition with CORS level configuration .
x-wso2-basePath: /petstore/v1
x-wso2-production-endpoints:
urls:
- https://petstore.swagger.io/v2
x-wso2-cors:
accessControlAllowOrigins:
- test.com
- example.com
accessControlAllowHeaders:
- Authorization
- Content-Type
accessControlAllowMethods:
- GET
- PUT
- POST
accessControlAllowCredentials: true
Enable CORS configuration for endpoints¶
You can enable CORs for /authorize, /revoke, /token, /apikey, /userinfo and /health endpoints by enabling the following configuration in toolkit-config.toml
located in <MICRO-GW_TOOLKIT_HOME>/conf/.
[corsConfiguration]
corsConfigurationEnabled = true
accessControlAllowCredentials = false
accessControlAllowOrigins = ["*"]
accessControlAllowHeaders = ["authorization", "Access-Control-Allow-Origin", "Content-Type", "SOAPAction"]
accessControlAllowMethods = ["GET", "PUT", "POST", "DELETE", "PATCH", "OPTIONS"]
Top