Enable CORS configuration for API resources (API level)¶
If you are following the developer first approach, (deploy the API via CLI tool). You can add CrossOrigin Resource Sharing (CORS) configurations for each API (at API level) using the OpenAPI vendor extension x-wso2-cors in the API definition. The following code snippet depicts the usage of the
x-wso2-cors extension. For more information, see the detailed sample OpenAPI definition with CORS level configuration.
x-wso2-basePath: /petstore/v1 x-wso2-production-endpoints: urls: - https://petstore.swagger.io/v2 x-wso2-cors: accessControlAllowOrigins: - test.com - example.com accessControlAllowHeaders: - Authorization - Content-Type accessControlAllowMethods: - GET - PUT - POST accessControlAllowCredentials: true
Enable CORS configurations globally¶
You can enable CORS for Choreo Connect by configuring in the
config.toml file, which is located in the
Follow the instructions below to enable CORS globally. Once this is enabled, it will apply this configurations through all endpoints and APIs deployed in Choreo Connect.
- Open the
Locate the following configuration set and make the
truewith the required CORS attributes there.
[router.cors] enabled = true allowOrigins = ["*"] allowMethods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"] allowHeaders = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey", "testKey", "Internal-Key"] exposeHeaders =  allowCredentials = false
Global CORS configuration is enabled by default. Access control can be done by changing the parameters mentioned above in the
If CORS for a certain API is disabled from API Level Configurations, the default global Configurations will apply.