Allow_cors

Allow_cors

{% allow_cors %}

Enables CORS headers on the response.

If the "always" keyword is specified, CORS will be enabled for all origins. Otherwise it will only be enabled for the current origin (ie: {{ request.headers.origin }}).

Examples

Allow cross-origin requests based on custom logic

Copy
{% set is_authorized = false %} {% comment %}custom logic for authorizing the current request{% endcomment %} {% if is_authorized %} {% allow_cors %} {% endif %}

Allow cross-origin requests from a specific domain

Copy
{% if request.headers.origin == 'https://specifically-allowed-domain.com' %} {% allow_cors %} {% endif %}

Allow cross-origin requests from all origins

Copy
{% allow_cors always %}