Edit CORS settings

Updates the cross-origin resource sharing (CORS) settings configured for an endpoint version.

Path Params
integer
required

The unique identifier for the endpoint version.

integer
required

The unique identifier for the endpoint.

Query Params
string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Body Params

Cross-origin resource sharing (CORS) settings configured for an endpoint. CORS enables clients to request restricted resources from external domains outside the domain that served the first resource. You can configure CORS settings if the API Gateway product is in your contract.

boolean
Defaults to false

Whether you allow credentialed HTTP requests to access your resources. Credentials may be cookies or TLS client certificates.

allowedHeaders
array of strings

The HTTP header names that you allow using the Access-Control-Allow-Headers header.

allowedHeaders
allowedMethods
array of strings

The HTTP methods that you allow using the Access-Control-Allow-Methods header, either GET, PUT, POST, DELETE, OPTIONS, PATCH, or HEAD.

allowedMethods
Allowed:
allowedOrigins
array of strings

The origin hostnames that you allow using the Access-Control-Allow-Origin header. The wildcard (*) means all hostnames.

allowedOrigins
boolean
required

Whether you enabled CORS for the endpoint.

exposedHeaders
array of strings

The headers that you expose using the Access-Control-Expose-Headers header. By exposing a header, you allow clients to access it.

exposedHeaders
integer
required

The maximum time in seconds for caching responses to preflight requests.

Headers
string
enum
Defaults to application/json

Generated from available response content types

Allowed:
Responses

Language
URL
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json
application/problem+json