Skip to content

CORS Settings

CORS is a standard implemented by browsers for ensuring that only the allowed clients actually access your API, see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.

One of the biggest pain-points when deploying your API that is consumed by a browser application is not having the correct CORS configuration on your API Server. Fortunately Kusk makes configuring CORS for your API easy - add the corresponding CORS extension to your OpenAPI definition at the desired level (usually the root):

openapi: 3.0.0
info:
  title: simple-api
  version: 0.1.0
x-kusk:
  cors:
    origins:
      - "*"
    methods:
      - POST
      - GET
      - OPTIONS
    headers:
      - Content-Type
    credentials: true
    max_age: 86200
..

If you want to override CORS settings for a specific operation or path you can do so - for example to change the allowed origins for a specific operation you could add:

paths:
  /hello:
    get:
      operationId: getHello
      x-kusk:
        cors:
          origins:
            - "gethello.com"
      ..

See all available CORS configuration options in the Extension Reference