CORS

Applies Cross-Origin Resource Sharing rules for browser clients.

Use the CORS policy to specify which origins, headers, and HTTP methods are allowed when a browser client accesses your API.

Note: Parameters for the CORS policy are not provided within the policy. The policy retrieves its configuration from the cors section of the API definition and enforces the rules defined in that section.

For more information on the policy parameter descriptions, see DataPower Nano Gateway documentation.

Example of a CORS policy in code view.

kind: cors
apiVersion: api.ibm.com/v1
metadata:
  name: enforce_cors
  version: 1
  namespace: sample
spec: 
  rules:
    - action: Allow/DENY
      originList:
        - www.domain.com
        - www.test.com
      allowCredentials: true
      allowMethods:
        - GET
        - POST
        - PUT
        - DELETE
      allowHeaders:
        - header1
        - header2
      maxAge: 34
      exposeHeaders:
        predefined: true
        custom: 'header3,header4'
        backend: false