How to enable CORS in Drupal 8-DrupalABC

Most of the Drupal websites are getting converted to Headless applications. Most important configuration to achieve that is by enabling CORS in Drupal. If CORS is not enabled your headless app will not be able to fetch data from Drupal. To do that :

1. Copy default.services.yml and create file services.yml.

2. Go to the last configuration in the file i.e CORS settings. Modify it in this way to allow cross-origin requests.

# Configure Cross-Site HTTP requests (CORS).

# Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

# for more information about the topic in general.

# Note: By default the configuration is disabled.

cors.config:

enabled: true

# Specify allowed headers, like 'x-allowed-header'.

allowedHeaders: ['x-csrf-token', 'authorization', 'content-type', 'accept', 'origin', 'x-requested-with']

# Specify allowed request methods, specify ['*'] to allow all possible ones.

allowedMethods: ['POST', 'GET', 'OPTIONS', 'DELETE', 'PUT', 'PATCH']

# Configure requests allowed from specific origins.

allowedOrigins: ['*']

# Sets the Access-Control-Expose-Headers header.

exposedHeaders: true

# Sets the Access-Control-Max-Age header.

maxAge: false

# Sets the Access-Control-Allow-Credentials header.

supportsCredentials: false

How to enable CORS in Drupal 8

How to send GET request in Drupal 8

How to load a block programmatically and use in twig file

How to send POST request in Drupal 8

How to handle form submission using JS in Drupal 7

What is the ideal .htaccess file for Drupal 8 website