> Reference > > CORS

CORS

Cross Origin Resource Sharing defines a protocol by which resources on different domains may establish whether cross site operations are permissible.

Sparta makes CORS support a single CORSEnabled field of the API struct:


// Register the function with the API Gateway
apiStage := sparta.NewStage("v1")
apiGateway := sparta.NewAPIGateway("SpartaHTML", apiStage)
// Enable CORS s.t. the S3 site can access the resources
apiGateway.CORSEnabled = true

Setting the boolean to true will add the necessary OPTIONS and mock responses to all resources exposed by your API. See the SpartaHTML sample for a complete example.

Customization

Sparta provides two ways to customize the CORS headers available:

Via the apigateway.CORSOptions field.
Customization may use the S3Site.CloudformationS3ResourceName to get the WebsiteURL value so that the CORS origin options can be minimally scoped.

References

API Gateway Docs