Documentation

CORS Headers

CORS, or Cross Origin Resource Sharing, helps manage which external origins can make requests to your project. It can help prevent bad actors from spamming your site with requests that shouldn't be allowed in the first place.

Enabling CORS #

To configure your project to return permissive CORS headers (i.e. allow requests from any origin), do the following:

  1. Navigate to the "CORS Headers" section in your project's Access Control page.

  2. Flip the switch to enable CORS Headers.

  3. Click the Sync button to deploy the change.

Restricting Domains and Paths #

If you'd prefer to restrict CORS to specific domains and URL paths, perform the following:

  1. Navigate to the "CORS Headers" section in your project's Access Control page.

  2. If CORS is currently disabled, flip the switch to enable it. This will reveal fields to enter domains and paths.

  3. Enter the domains and/or paths that you'd like to restrict CORS to. Click the "Add another" buttons to add additional values.

    Note: when domains and paths are specified, a request must match one of the domains and one of the paths for CORS headers to be returned.

  4. Click the "Save" button.

  5. Click the Sync button to deploy the change.