Building an Open API requires to allow Cross-Origin Request Sharing.
If you are building a web application, you may not need to enable CORS for your API. See here the section Origins that Do not Match.
If you want different origins to make requests to your API from a browser, you need to enable Cross-Origin Resource Sharing.
You can do that by adding a route handler and a special hook to your API root controller (
APIController in this example).
CORS Requests and
If your API requires a token to be sent in the
Authorization header, then the name of this header should be specified in the
The same goes with other headers:
In the browser, your HTTP client must also have its
withCredentials option set to