description
This page discusses the improved response to origin validation

Access-Control-Allowed-Origin

Legacy execution engine behavior

When using the legacy execution engine, you can configure Cross-Origin Resource Sharing (CORS) to allow a specific subset of origins. Regardless of the actual configuration, the Gateway properly validates the origin but returns Access-Control-Allowed-Origin: * in the response header.

Reactive execution engine improvements

When using the reactive execution engine, the allowed origin(s) you specify is returned instead of *. For example, in the configuration shown below, Access-Control-Allowed-Origin: https://test.gravitee.io.

Sample CORS configuration

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

access-control-allowed-origin.md

access-control-allowed-origin.md

Access-Control-Allowed-Origin

Legacy execution engine behavior

Reactive execution engine improvements

Files

access-control-allowed-origin.md

Latest commit

History

access-control-allowed-origin.md

File metadata and controls

Access-Control-Allowed-Origin

Legacy execution engine behavior

Reactive execution engine improvements