Stay organized with collections
Save and categorize content based on your preferences.
OpenAPI | gRPC
CORS (Cross-origin resource sharing) is a standard mechanism that allows XMLHttpRequest (XHR) calls executed in a web page to interact with resources from different origins. Without CORS, the same-origin policy enforced by all browsers would prevent cross-origin requests. For more background information on CORS, see the Mozilla Developer Network (MDN) reference documentation.
The CORS standard requires that web clients issue a CORS preflight OPTIONS to determine if the requested web server supports CORS. If a web server supports CORS request, it will handle the OPTIONS request with proper CORS response headers.
Handle CORS in your backend application
If your backend supports CORS, you can configure ESP or ESPv2 to pass the CORS request to your backend.
you can enable pass-through in the OpenAPI spec for your API as shown below:
If your backend does not support CORS, you can configure ESP or ESPv2 to handle CORS requests by specifying CORS startup flags. In this approach, CORS Preflight requests will not pass through to your backend application. Additionally, ESP or ESPv2 will append the configured CORS headers to responses from the backend service when appropriate.
The following CORS startup options are available for ESP and ESPv2
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-04-01 UTC."],[[["CORS (Cross-origin resource sharing) allows web pages to interact with resources from different origins, bypassing the same-origin policy enforced by browsers."],["Web servers supporting CORS respond to preflight `OPTIONS` requests with appropriate CORS headers, as required by the CORS standard."],["You can configure ESP or ESPv2 to pass CORS requests to your backend if the backend supports CORS by enabling pass-through in the OpenAPI specification."],["If your backend doesn't support CORS, ESP or ESPv2 can be configured to handle CORS requests using specific startup flags, preventing preflight requests from reaching the backend."],["When handling CORS via ESPv2, the preflight `OPTIONS` requests must include a valid `Origin` and `Access-Control-Request-Method` header to be handled properly."]]],[]]
