mirror of
https://github.com/hashicorp/vault.git
synced 2026-04-29 18:19:24 -04:00
2.1 KiB
2.1 KiB
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| api | /sys/config/cors - HTTP API | docs-http-system-config-cors | The '/sys/config/cors' endpoint configures how the Vault server responds to cross-origin requests. |
/sys/config/cors
The /sys/config/cors endpoint is used to configure CORS settings.
sudorequired – All CORS endpoints requiresudocapability in addition to any path-specific capabilities.
Read CORS Settings
This endpoint returns the current CORS configuration.
| Method | Path | Produces |
|---|---|---|
GET |
/sys/config/cors |
200 application/json |
Sample Request
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/config/cors
Sample Response
{
"enabled": true,
"allowed_origins": "http://www.example.com"
}
Configure CORS Settings
This endpoint allows configuring the origins that are permitted to make cross-origin requests.
| Method | Path | Produces |
|---|---|---|
PUT |
/sys/config/cors |
204 (empty body) |
Parameters
allowed_origins(string or string array: "" or [])– A wildcard (*), comma-delimited string, or array of strings specifying the origins that are permitted to make cross-origin requests.
Sample Payload
{
"allowed_origins": "*"
}
Sample Request
$ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/config/cors
Delete CORS Settings
This endpoint removes any CORS configuration.
| Method | Path | Produces |
|---|---|---|
DELETE |
/sys/config/cors |
204 (empty body) |
Sample Request
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/config/cors