{% allow_cors %}

Overview
Flow Tags
- Assign
- Case
- Capture
- Comment
- Cycle
- For
- If
- Ifchanged
- Include
- Literal
- Map
- Raw
- Set
- Unless
- Var
Objects
- Article
- Author
- Blog
- Blog Post
- Calendar
- Calendar Entry
- Datastore
- Datastore Item
- Document
- Error Page
- Folder
- Form
- Form Field
- Form Submit
- Gallery
- Gallery Item
- Image
- Javascript
- Menu
- Menu Item
- Profile
- Snippet
- Tag
- Template
Other Objects
- Client
- Client Permissions
- Cookies
- Request Headers
- Forloop
- Header Tags
- Permissions
- Post Params
- Query Params
- Request
- Session
- Site
- Time
- Time Diff
Fields
- Checkbox
- Checkboxlist
- Code
- Date
- Datetime
- Dictionary
- Fieldset
- Html
- Labels
- Radio
- Select
- Text
- Textarea
- Timezone
- Toggle
- Url
Other Tags

Use this tag to enable Cross-Origin requests for the current page.

Syntax

{% allow_cors [always] %}

Using this tag will always allow cors requests for the current page. If the "always" flag is set, it will allow cors requests for all origins. If the "always" flag is not set, it will only allow cors requests for the current origin (ie: request.headers.origin).

Examples

{% allow_cors always %}

{% if request.headers.origin == 'https://specifically-allowed-domain.com' %} {% allow_cors %} {% endif %}

{% set is_authorized = false %} {% comment %}custom logic for authorizing the current request{% endcomment %} {% if is_authorized %} {% allow_cors %} {% endif %}