Allow_cors

Allow_cors

{% allow_cors %}

Enables CORS headers on the response.

{% allow_cors always? %}

{% allow_cors
always
 
Specifies that the CORS headers should be sent for all origins
%}

If the "always" keyword is specified, CORS will be enabled for all origins. Otherwise it will only be enabled for the current origin (ie: {{ request.headers.origin }}).

Examples

Use the allow_cors tag to allow cross-origin requests either from all origins, from a specific domain, or based on custom logic.

How to allow cross-origin requests

Copy

From all origins

{% allow_cors always %}
Allow requests from any origin.

From a specific domain

{%- if request.headers.origin == 'https://specifically-allowed-domain.com' -%}
{%- allow_cors -%}
{%- endif -%}
Allow CORS only when the request Origin header matches a specific domain.

Based on custom logic

{%- set is_authorized = false -%}
{%- comment %}custom logic for authorizing the current request{% endcomment -%}
{%- if is_authorized -%}
{%- allow_cors -%}
{%- endif -%}
Allow CORS only when your authorization logic permits.

Related

{% gallery %}

{% articles %}

Examples

Use the allow_cors tag to allow cross-origin requests either from all origins, from a specific domain, or based on custom logic.

How to allow cross-origin requests

Copy

From all origins

{% allow_cors always %}
Allow requests from any origin.

From a specific domain

{%- if request.headers.origin == 'https://specifically-allowed-domain.com' -%}
{%- allow_cors -%}
{%- endif -%}
Allow CORS only when the request Origin header matches a specific domain.

Based on custom logic

{%- set is_authorized = false -%}
{%- comment %}custom logic for authorizing the current request{% endcomment -%}
{%- if is_authorized -%}
{%- allow_cors -%}
{%- endif -%}
Allow CORS only when your authorization logic permits.