cors
plugin can help you enable CORS easily.
allow_origins
: optional
, Which Origins is allowed to enable CORS, format as:scheme
://host
:port
, for example: https://somehost.com:8081. Multiple origin use ,
to split. When allow_credential
is false
, you can use *
to indicate allow all any origin. you alse can allow all any origins forcefully using **
even already enable allow_credential
, but it will bring some securiy risks. Default value: *
.allow_methods
: optional
, Which Method is allowed to enable CORS, such as: GET
, POST
etc. Multiple method use ,
to split. When allow_credential
is false
, you can use *
to indicate allow all any method. You alse can allow all any method forcefully using **
even already enable allow_credential
, but it will bring some securiy risks. Default value: *
.allow_headers
: optional
, Which headers are allowed to set in requst when access cross-origin resource. Multiple value use ,
to split. Default value: *
.expose_headers
: optional
, Which headers are allowed to set in response when access cross-origin resource. Multiple value use ,
to split. Default value: *
.max_age
: optional
, Maximum number of seconds the results can be cached.. Within this time range, the browser will reuse the last check result. -1
means no cache. Please note that the maximum value is depended on browser, please refer to MDN for details.Default value: 5
.allow_credential
: Enable request include credentia (such as Cookie etc.), Default avlue: false
.Create a Route
or Service
object and configure cors
plugin.
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "uri": "/hello", "plugins": { "cors": {} }, "upstream": { "type": "roundrobin", "nodes": { "127.0.0.1:8080": 1 } } }'
curl to server, you will find the headers about CORS
is be returned, it means plugin is working fine.
curl http://127.0.0.1:9080/hello -v ... < Server: APISIX web server < Access-Control-Allow-Origin: * < Access-Control-Allow-Methods: * < Access-Control-Allow-Headers: * < Access-Control-Expose-Headers: * < Access-Control-Max-Age: 5 ...
Remove plugin from configuraion.
$ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "uri": "/hello", "plugins": {}, "upstream": { "type": "roundrobin", "nodes": { "127.0.0.1:8080": 1 } } }'