/sys/config/cors
The /sys/config/cors endpoint is used to configure CORS settings.
sudorequired – All CORS endpoints requiresudocapability in addition to any path-specific capabilities.
Read CORS settings
This endpoint returns the current CORS configuration.
| Method | Path |
|---|---|
GET | /sys/config/cors |
Sample request
$ curl \ --header "X-Vault-Token: ..." \ http://127.0.0.1:8200/v1/sys/config/corsSample response
{ "enabled": true, "allowed_origins": ["http://www.example.com"], "allowed_headers": [ "Content-Type", "X-Requested-With", "X-Vault-AWS-IAM-Server-ID", "X-Vault-No-Request-Forwarding", "X-Vault-Token", "Authorization", "X-Vault-Wrap-Format", "X-Vault-Wrap-TTL" ]}Configure CORS settings
This endpoint allows configuring the origins that are permitted to make cross-origin requests, as well as headers that are allowed on cross-origin requests.
| Method | Path |
|---|---|
POST | /sys/config/cors |
Parameters
allowed_origins(string or string array: <required>)– A wildcard (*), comma-delimited string, or array of strings specifying the origins that are permitted to make cross-origin requests.allowed_headers(string or string array: "" or [])– A comma-delimited string or array of strings specifying headers that are permitted to be on cross-origin requests. Headers set via this parameter will be appended to the list of headers that Vault allows by default.
Sample payload
{ "allowed_origins": "*", "allowed_headers": "X-Custom-Header"}Sample request
$ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/sys/config/corsDelete CORS settings
This endpoint removes any CORS configuration.
| Method | Path |
|---|---|
DELETE | /sys/config/cors |
Sample request
$ curl \ --header "X-Vault-Token: ..." \ --request DELETE \ http://127.0.0.1:8200/v1/sys/config/cors