Important

We are updating the images for OroCommerce version 6.1 to align with the latest changes in the back-office design. During this transition, some images may still show older versions. Thank you for your patience as we work to update all visuals to reflect these changes.

CORS Configuration for Published OpenAPI Specifications

By default, the Cross-Origin Resource Sharing (CORS) is disabled for a route that is used to download published OpenAPI specifications. To enable it, configure a list of origins that are allowed to access your published OpenAPI specifications via Resources/config/oro/app.yml in any bundle or config/config.yml of your application, e.g.:

oro_api:
    open_api:
        cors:
            allow_origins:
                - 'https://example.com'

You can also configure other CORS options. Here is the default configuration:

oro_api:
    cors:
        # The amount of seconds the user agent is allowed to cache CORS preflight requests.
        preflight_max_age: 600

        # The list of origins that are allowed to send CORS requests.
        allow_origins: []

        # The list of headers that are allowed to send by CORS requests.
        # This option specifies a list of headers that are sent
        # in the "Access-Control-Allow-Headers" response header of CORS preflight requests
        allow_headers: []