Skip to main content
DrupalABC

Main navigation

  • Home
  • Search
  • Learn Drupal
  • Certifications
  • Drupal Code Finder
User account menu
  • Log in

Breadcrumb

  1. Home

How to enable CORS in Drupal 8

Most of the Drupal websites are getting converted to Headless applications. Most important configuration to achieve that is by enabling CORS in Drupal. If CORS is not enabled your headless app will not be able to fetch data from Drupal. To do that : 

1. Copy default.services.yml and create file services.yml.

2. Go to the last configuration in the file i.e CORS settings. Modify it in this way to allow cross-origin requests.

   # Configure Cross-Site HTTP requests (CORS).

   # Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

   # for more information about the topic in general.

   # Note: By default the configuration is disabled.

  cors.config:

    enabled: true

    # Specify allowed headers, like 'x-allowed-header'.

    allowedHeaders: ['x-csrf-token', 'authorization', 'content-type', 'accept', 'origin', 'x-requested-with']

    # Specify allowed request methods, specify ['*'] to allow all possible ones.

    allowedMethods: ['POST', 'GET', 'OPTIONS', 'DELETE', 'PUT', 'PATCH']

    # Configure requests allowed from specific origins.

    allowedOrigins: ['*']

    # Sets the Access-Control-Expose-Headers header.

    exposedHeaders: true

    # Sets the Access-Control-Max-Age header.

    maxAge: false

    # Sets the Access-Control-Allow-Credentials header.

    supportsCredentials: false

 

Tags
Headless
Drupal8
CORS
AJAX
Disqus
DrupalABC

Footer

  • Buy me a coffee
  • Drupal.org profile
  • LinkedIn
Powered by Drupal

Drupal is a registered trademark of Dries Buytaert