CORS (Cross-Origin Resource Sharing)

CORS is used to control from which websites requests can be made to the API. Permitting Origin, Headers, and Methods are all required for this to work, setting one is not sufficient.

`Cors` key in the configuration `Array<CorsConfiguration>`

`CorsConfiguration`

Example complete configuration for the website “myintersectgame.com” note that this is not complete:

{
  "Origin": "myintersectgame.com",
  "Headers": [
    "Accepts",
    "Authorization",
    "Content-Length"
    "Content-Type"
  ],
  "Methods": [
    "*"
  ]
}

Origin `string`

A string denoting which origin the following headers and methods are permitted for. * can be used to denote all origins (this is not recommended).

Headers `Array<string>`

An array of strings denoting which headers are permitted for cross-origin resource requests. ["*"] can be used to allow all headers but is not recommended for non-local development usage.

Typical headers that would be needed for the various API endpoints Intersect provides would include (but are not limited to): Content-Type, Content-Length, Accepts, Authorization

Methods `Array<string>`

An array of strings denoting which request methods are permitted for cross-origin resource requests. ["*"] can be used to allow all methods.

A likely scenario is that all methods will be necessary, but at minimum GET will be for endpoints that do not require authorization, and POST will be required for the authorization endpoints (the ones that include token for example).

CORS (Cross-Origin Resource Sharing)

Cors key in the configuration Array<CorsConfiguration>

CorsConfiguration

Origin string

Headers Array<string>

Methods Array<string>

`Cors` key in the configuration `Array<CorsConfiguration>`

`CorsConfiguration`

Origin `string`

Headers `Array<string>`

Methods `Array<string>`