Description:
We need to implement or update the CORS (Cross-Origin Resource Sharing) policy for our API to improve security and ensure controlled access from trusted domains. The current configuration either doesn't exist or needs enhancements to handle modern web requirements and client requests.
Objectives:
Define a clear list of allowed origins that can make cross-origin requests.
Configure HTTP methods such as GET, POST, PUT, DELETE, OPTIONS, and PATCH for cross-origin access.
Ensure necessary headers, like Content-Type and Authorization, are permitted in requests.
Enable support for credentials (e.g., cookies and authorization headers) in cross-origin requests.
Optimize preflight request handling by setting an appropriate maxAge value for caching.
Expected Outcome:
Once implemented, the API will handle cross-origin requests securely, only allowing access from specified domains, supporting essential methods and headers, and improving efficiency with preflight request caching.
Description of the JSON schema.
Issue: Implement/Update CORS Policy for API
Supporting information.
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManageCorsUsing.html
Are you making a PR for this?
Yes, I will create a PR.
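
The objectives listed in this issue, written out as framework-neutral decision logic. This is an added example, not code from the project or the issue author. The origins, the `policy` object and the `corsHeaders` function are hypothetical, and request header names are assumed to be lowercased already.

```javascript
// Added example: CORS decision logic for the policy in this issue (names and origins are hypothetical).
const policy = {
  allowedOrigins: new Set(["https://app.example.com", "https://admin.example.com"]), // constructed values
  methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"],
  allowedHeaders: ["content-type", "authorization"],
  credentials: true,
  maxAge: 600, // seconds a browser may cache the preflight result
};

// Returns { status, headers } for the CORS part of a response.
// status is 204 for an accepted preflight, 403 for a rejected one,
// and null when the request should continue to the normal handler.
function corsHeaders(method, reqHeaders, p = policy) {
  const origin = reqHeaders["origin"];
  const isPreflight = method === "OPTIONS" && "access-control-request-method" in reqHeaders;
  // The response differs per Origin, so shared caches must key on it.
  const headers = { Vary: "Origin" };

  // Exact string match only: no substring, suffix or regex tests, and "null" is never trusted.
  if (!origin || !p.allowedOrigins.has(origin)) {
    // No Access-Control-* headers: the browser refuses to expose the response to the caller.
    // CORS is not authorization; the handler must still authenticate the request.
    return { status: isPreflight ? 403 : null, headers };
  }

  // Validate the preflight before emitting any allow header.
  if (isPreflight) {
    const wantHeaders = (reqHeaders["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    const ok = p.methods.includes(reqHeaders["access-control-request-method"]) &&
      wantHeaders.every((h) => p.allowedHeaders.includes(h));
    if (!ok) return { status: 403, headers };
    headers["Access-Control-Allow-Methods"] = p.methods.join(", ");
    headers["Access-Control-Allow-Headers"] = p.allowedHeaders.join(", ");
    headers["Access-Control-Max-Age"] = String(p.maxAge);
  }

  // With credentials enabled browsers reject the wildcard "*", so echo the matched origin.
  headers["Access-Control-Allow-Origin"] = origin;
  if (p.credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return { status: isPreflight ? 204 : null, headers };
}
```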