How to enable CORS in Drupal 8-DrupalABC

Most of the Drupal websites are getting converted to Headless applications. Most important configuration to achieve that is by enabling CORS in Drupal. If CORS is not enabled your headless app will not be able to fetch data from Drupal. To do that :

1. Copy default.services.yml and create file services.yml.

2. Go to the last configuration in the file i.e CORS settings. Modify it in this way to allow cross-origin requests.

# Configure Cross-Site HTTP requests (CORS).

# Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

# for more information about the topic in general.

# Note: By default the configuration is disabled.

cors.config:

enabled: true

# Specify allowed headers, like 'x-allowed-header'.

allowedHeaders: ['x-csrf-token', 'authorization', 'content-type', 'accept', 'origin', 'x-requested-with']

# Specify allowed request methods, specify ['*'] to allow all possible ones.

allowedMethods: ['POST', 'GET', 'OPTIONS', 'DELETE', 'PUT', 'PATCH']

# Configure requests allowed from specific origins.

allowedOrigins: ['*']

# Sets the Access-Control-Expose-Headers header.

exposedHeaders: true

# Sets the Access-Control-Max-Age header.

maxAge: false

# Sets the Access-Control-Allow-Credentials header.

supportsCredentials: false

How to enable CORS in Drupal 8

What is the ideal .htaccess file for Drupal 8 website

How to handle form submission using AJAX in Drupal 8

How to get and set config in Drupal 8

How to provide menu route parameters in Drupal 8

How to create block with Form in Drupal 8