CORS Policy

The Cross-Origin Resource Sharing (CORS) headers configured by Kaleido by default are very permissive, allowing requests from any application. As part of your overall web application security posture, you might wish to restrict the CORS policy of your nodes.

Example restricted CORS configuration

{
    "cors": {
        "allowedOrigins": [ "https://mywebapp.example.com" ],
        "allowedMethods": [ "GET" ],
        "allowCredentials": false
    }
    // ... additional configuration
}

The full schema for the cors section is described in the details of the POST to configurations in api.kaleido.io.
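
After applying a restricted policy, it is worth confirming that the CORS response headers a node returns match it. The following is an added example, not Kaleido code: it compares the headers seen for a preflight request against the cors settings shown above. The auditCors function, the probe object shape and both sample probes are assumptions constructed for illustration; a real check would fill probe.headers from an actual response.

```javascript
// Added example (not Kaleido code). Policy keys come from the page's cors
// section; the probe objects are constructed sample data, not real captures.
const policy = {
  allowedOrigins: ["https://mywebapp.example.com"],
  allowedMethods: ["GET"],
  allowCredentials: false,
};

// Compare the CORS response headers seen for one preflight against the policy.
// probe.origin is the Origin that was sent; probe.headers uses lowercase names.
function auditCors(policy, probe) {
  const findings = [];
  const h = probe.headers;
  const acao = h["access-control-allow-origin"];
  const methods = (h["access-control-allow-methods"] || "")
    .split(",").map((m) => m.trim().toUpperCase()).filter(Boolean);
  const creds = (h["access-control-allow-credentials"] || "").toLowerCase() === "true";

  if (acao === "*") {
    findings.push("wildcard-origin");
  } else if (acao !== undefined && !policy.allowedOrigins.includes(acao)) {
    // Distinguishes blind reflection of the Origin header from a stale allow-list.
    findings.push(acao === probe.origin ? "reflected-origin" : "unexpected-origin");
  }
  for (const m of methods) {
    if (m === "*" || !policy.allowedMethods.includes(m)) findings.push(`extra-method:${m}`);
  }
  if (creds && !policy.allowCredentials) findings.push("credentials-allowed");
  return findings;
}

// Constructed probes: one matching the restricted policy, one permissive.
const restricted = {
  origin: "https://mywebapp.example.com",
  headers: {
    "access-control-allow-origin": "https://mywebapp.example.com",
    "access-control-allow-methods": "GET",
  },
};
const permissive = {
  origin: "https://other.example.net",
  headers: {
    "access-control-allow-origin": "*",
    "access-control-allow-methods": "GET, POST, DELETE",
    "access-control-allow-credentials": "true",
  },
};
console.log(auditCors(policy, restricted), auditCors(policy, permissive));
```

An empty findings list means the observed headers stay within the configured policy; a response with no CORS headers at all also yields no findings, since the browser blocks that cross-origin read.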