Allow_cors

Allow_cors

{% allow_cors %}

Enables CORS headers on the response.

{% allow_cors always? %}

{% allow_cors
always
 
Specifies that the CORS headers should be sent for all origins
%}

If the "always" keyword is specified, CORS will be enabled for all origins. Otherwise it will only be enabled for the current origin (ie: {{ request.headers.origin }}).

Examples

Allow cross-origin requests based on custom logic

Copy
{% set is_authorized = false %}
{% comment %}custom logic for authorizing the current request{% endcomment %}
{% if is_authorized %}
{% allow_cors %}
{% endif %}

Allow cross-origin requests from a specific domain

Copy
{% if request.headers.origin == 'https://specifically-allowed-domain.com' %}
{% allow_cors %}
{% endif %}

Allow cross-origin requests from all origins

Copy
{% allow_cors always %}