Magento 2 CORS

Magento Version Support

Ever try to work with the Magento GraphQL API or REST API from your browser and see the following?

Access to XMLHttpRequest at 'https://my.magento.app' from origin 'http://my.webapp.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This package allows you to securely add the necessary CORS headers to the Magento 2 GraphQL or REST APIs with ease.

Purpose

When building a headless application for Magento, or working with a client that respects the CORS protocol, you will need CORS headers on your backend resource.

This package will add configurable CORS Resource headers to the Magento 2 GraphQL or REST APIs, allowing you to access the GraphQL or REST APIs from your browser.

Getting Started

This module is intended to be installed with composer. From the root of your Magento 2 project:

1. Download the package

composer require graycore/magento2-cors

2. Configure the package
3. Enable the package

./bin/magento module:enable Graycore_Cors

Features

• Configurable

• Respects the full CORS Protocol

  • Access-Control-Allow-Origin
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
  • Access-Control-Max-Age
  • Access-Control-Expose-Headers
  • Access-Control-Allow-Credentials

• Security By Default

• Vary: Origin

Helpful Links

• FAQ
  • Can I configure this from the admin panel?

Upgrading

• Semver Policy
• Guide