FluxyAPIFluxyAPI
BlocksMiddleware

CORS

Cross-Origin Resource Sharing configuration for your endpoint.

CORS Middleware Block

The CORS Middleware Block handles Cross-Origin Resource Sharing (CORS). It allows you to specify which external websites (origins) are permitted to make requests to your API endpoint directly from a browser.

Configuration

FieldRequiredDescription
Allowed OriginsA list of URLs (e.g., https://mywebsite.com) that are allowed. Use * to allow all origins.
Allowed MethodsThe HTTP methods permitted (e.g., GET, POST, OPTIONS).
Allowed HeadersWhich custom headers the client is allowed to send.
Allow CredentialsSet to true if you need to allow cookies to be sent across origins.

Output Variable

Specify a Variable Name to store error details (only populated if a runtime error occurs during CORS processing).

Errors & Responses

If an error occurs, the variable will be populated with:

{
  "error_key": "RUNTIME_ERROR",
  "error_message": "An error occurred during execution."
}

Behavior

This block intercepts OPTIONS preflight requests and standard requests:

  • If the request comes from an Allowed Origin, the block attaches the necessary Access-Control-Allow-* headers to the response and continues the flow.
  • If the origin is not allowed, it returns a CORS error response to the browser.

On this page