CORS Setting
CORS (Cross-Origin Resource Sharing) allows web pages to make requests to different domains than the one the web page was loaded from. It works by adding HTTP headers to the response which indicate if the origin is allowed to access the resource. The browser checks these headers to decide if the request should be allowed or blocked.
How to set up CORS?
Navigate to Sites -> Sites Settings -> Modules -> CORS Configuration
Click on Add CORS
Go to Navigate to Sites -> Sites Settings -> Domains
In the domain settings, apply the configuration to the desired domain.
Adding CORS Configuration - Field Descriptions:
Name: Custom name for the CORS configuration.
Allow Origins: Define which origins are allowed to access your resources.
Example parameters:
* (Allow all origins)
https://test.com (Allow only https://test.com to access)
https://* (Allow all HTTPS origins)
http://* (Allow all HTTP origins)
Access-Control-Allow-Methods: Specify the HTTP methods that are allowed.
Default supported methods:
GET
HEAD
POST
PUT
DELETE
OPTIONS
PATCH
Access-Control-Max-Age: Set the cache time for preflight requests in seconds. The default is 86400 (one day).
Allow Headers: Specify which custom headers are allowed in the request.
Example parameters:
* (Allow all headers)
Keep-Alive
User-Agent
Expose Headers: List the headers that the client can access from the response.
Example parameters:
* (Expose all headers)
Cache-Control
Content-Language
Last updated