BlocksMiddleware
CORS
Cross-Origin Resource Sharing configuration for your endpoint.
CORS Middleware Block
The CORS Middleware Block handles Cross-Origin Resource Sharing (CORS). It allows you to specify which external websites (origins) are permitted to make requests to your API endpoint directly from a browser.
Configuration
| Field | Required | Description |
|---|---|---|
| Allowed Origins | ✅ | A list of URLs (e.g., https://mywebsite.com) that are allowed. Use * to allow all origins. |
| Allowed Methods | — | The HTTP methods permitted (e.g., GET, POST, OPTIONS). |
| Allowed Headers | — | Which custom headers the client is allowed to send. |
| Allow Credentials | — | Set to true if you need to allow cookies to be sent across origins. |
Output Variable
Specify a Variable Name to store error details (only populated if a runtime error occurs during CORS processing).
Errors & Responses
If an error occurs, the variable will be populated with:
{
"error_key": "RUNTIME_ERROR",
"error_message": "An error occurred during execution."
}Behavior
This block intercepts OPTIONS preflight requests and standard requests:
- If the request comes from an Allowed Origin, the block attaches the necessary
Access-Control-Allow-*headers to the response and continues the flow. - If the origin is not allowed, it returns a CORS error response to the browser.
