{% allow_cors %}

Use this tag to enable Cross-Origin requests for the current page.

Syntax

{% allow_cors [always] %}

Using this tag will always allow cors requests for the current page. If the "always" flag is set, it will allow cors requests for all origins. If the "always" flag is not set, it will only allow cors requests for the current origin (ie: request.headers.origin).

Examples

To allow cross-origin requests from a specific domain:

{% if request.headers.origin == 'https://specifically-allowed-domain.com' %}
    {% allow_cors %}
{% endif %}

To allow cross-origin requests based on custom logic:

{% set is_authorized = false %}
{% comment %}custom logic for authorizing the current request{% endcomment %}
{% if is_authorized %}
    {% allow_cors %}
{% endif %}

To allow cross-origin requests from all origins:

{% allow_cors always %}

Developer Overview

Liquid Markup