mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-09-14 18:31:08 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/api-docs/system/config-cors.mdx
Erica Thompson 0660ea6fac
Update README (#31244) 
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

115 lines
3.1 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: api
page_title: /sys/config/cors - HTTP API
description: >-
The '/sys/config/cors' endpoint configures how the Vault server responds to
cross-origin requests.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
# `/sys/config/cors`
@include 'alerts/restricted-root.mdx'
The `/sys/config/cors` endpoint is used to configure CORS settings.
- **`sudo` required**  All CORS endpoints require `sudo` capability in
addition to any path-specific capabilities.
## Read CORS settings
This endpoint returns the current CORS configuration.
| Method | Path |
| :----- | :----------------- |
| `GET` | `/sys/config/cors` |
### Sample request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/sys/config/cors
```
### Sample response
```json
{
"enabled": true,
"allowed_origins": ["http://www.example.com"],
"allowed_headers": [
"Content-Type",
"X-Requested-With",
"X-Vault-AWS-IAM-Server-ID",
"X-Vault-No-Request-Forwarding",
"X-Vault-Token",
"Authorization",
"X-Vault-Wrap-Format",
"X-Vault-Wrap-TTL"
]
}
```
## Configure CORS settings
This endpoint allows configuring the origins that are permitted to make
cross-origin requests, as well as headers that are allowed on cross-origin requests.
<EnterpriseAlert>
The CORS configuration endpoint does not apply changes across clusters. If you
use performance replication, you must invoke the configuration endpoint on each
secondary cluster independently to mirror the primary cluster CORS
configuration.
</EnterpriseAlert>
| Method | Path |
| :----- | :----------------- |
| `POST` | `/sys/config/cors` |
### Parameters
- `allowed_origins` `(string or string array: <required>)`  A wildcard (`*`), comma-delimited string, or array of strings specifying the origins that are permitted to make cross-origin requests.
- `allowed_headers` `(string or string array: "" or [])`  A comma-delimited string or array of strings specifying headers that are permitted to be on cross-origin requests. Headers set via this parameter will be appended to the list of headers that Vault allows by default.
### Sample payload
```json
{
"allowed_origins": "*",
"allowed_headers": "X-Custom-Header"
}
```
### Sample request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/config/cors
```
## Delete CORS settings
This endpoint removes any CORS configuration.
| Method | Path |
| :------- | :----------------- |
| `DELETE` | `/sys/config/cors` |
### Sample request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/sys/config/cors
```
Reference in New Issue View Git Blame Copy Permalink