You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: portal/how-to-guides/configure-cors.mdx
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -20,12 +20,12 @@ Cross-origin request configuration in the Developer Portal involves two independ
20
20
Portal application CORS controls which external origins may call the Portal's own Admin API and Live Portal routes. It is configured via environment variables on the Portal process.
21
21
22
22
<Warning>
23
-
[`PORTAL_CORS_ENABLE`](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-enable) defaults to `false`. All cross-origin requests to the Portal are rejected until you set this to `true`.
23
+
[PORTAL_CORS_ENABLE](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-enable) defaults to `false`. All cross-origin requests to the Portal are rejected until you set this to `true`.
24
24
</Warning>
25
25
26
26
1.**Enable CORS**
27
27
28
-
Set [`PORTAL_CORS_ENABLE`](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-enable) to `true` on the Portal process.
28
+
Set [PORTAL_CORS_ENABLE](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-enable) to `true` on the Portal process.
29
29
30
30
<Tabs>
31
31
<Tabtitle="Environment variable">
@@ -46,7 +46,7 @@ Portal application CORS controls which external origins may call the Portal's ow
46
46
47
47
2.**Set allowed origins**
48
48
49
-
Set [`PORTAL_CORS_ALLOWED_ORIGINS`](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-allowed-origins) to the origins permitted to make cross-origin requests to the Portal. Use the exact scheme and host of each origin, separated by commas. Wildcards are supported.
49
+
Set [PORTAL_CORS_ALLOWED_ORIGINS](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-allowed-origins) to the origins permitted to make cross-origin requests to the Portal. Use the exact scheme and host of each origin, separated by commas. Wildcards are supported.
50
50
51
51
{/* TODO: Verify the default behavior when PORTAL_CORS_ALLOWED_ORIGINS is unset. Code analysis (rs/cors library) indicates an empty slice allows all origins. The configuration reference states no origins are allowed by default. Confirm with the Portal team before documenting a specific default. */}
52
52
@@ -71,7 +71,7 @@ Portal application CORS controls which external origins may call the Portal's ow
71
71
</Tabs>
72
72
73
73
<Warning>
74
-
Do not set [`PORTAL_CORS_ALLOWED_ORIGINS`](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-allowed-origins) to `*` when `PORTAL_CORS_ALLOW_CREDENTIALS=true`. The CORS specification does not allow credentialed requests from wildcard origins. Specify each origin explicitly instead.
74
+
Do not set [PORTAL_CORS_ALLOWED_ORIGINS](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-allowed-origins) to `*` when `PORTAL_CORS_ALLOW_CREDENTIALS=true`. The CORS specification does not allow credentialed requests from wildcard origins. Specify each origin explicitly instead.
75
75
</Warning>
76
76
77
77
3.**Set allowed headers and methods**
@@ -101,8 +101,8 @@ Portal application CORS controls which external origins may call the Portal's ow
101
101
102
102
| Config key | Default | Description |
103
103
|---|---|---|
104
-
|[`CORS.MaxAge`](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-max-age)|`0`| How long, in seconds, browsers may cache the preflight response. A positive value reduces preflight round trips. |
105
-
|[`CORS.AllowCredentials`](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-allow-credentials)|`false`| Whether the Portal includes credentials (cookies, HTTP authentication) in CORS responses. |
104
+
|[CORS.MaxAge](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-max-age)|`0`| How long, in seconds, browsers may cache the preflight response. A positive value reduces preflight round trips. |
105
+
|[CORS.AllowCredentials](/product-stack/tyk-enterprise-developer-portal/deploy/configuration#portal-cors-allow-credentials)|`false`| Whether the Portal includes credentials (cookies, HTTP authentication) in CORS responses. |
0 commit comments