This is part of #378, since this is something possible in D8.2.x: https://www.drupal.org/node/2715637
As of Drupal 8.2, it's possible to opt in a particular site to enable CORS for responses served by Drupal.
(This is particularly helpful for fully decoupled Drupal sites which have JS that needs to talk to a Drupal 8 site's REST API. In such cases, that Drupal 8 instance often runs on a separate domain. Due to the same origin policy those requests will be blocked by the browser.)
This is not enabled by default because there are security consequences.
New in default.services.yml:
# Configure Cross-Site HTTP requests (CORS). # Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS # for more information about the topic in general. # Note: By default the configuration is disabled. cors.config: enabled: false # Specify allowed headers, like 'x-allowed-header'. allowedHeaders: [] # Specify allowed request methods, specify ['*'] to allow all possible ones. allowedMethods: [] # Configure requests allowed from specific origins. allowedOrigins: ['*'] # Sets the Access-Control-Expose-Headers header. exposedHeaders: false # Sets the Access-Control-Max-Age header. maxAge: false # Sets the Access-Control-Allow-Credentials header. supportsCredentials: false
Note particular that
enabled: false
key-value pair!
Recent comments
We can no longer add contrib projects in the Tugboat sandboxes that we use for core PR's? Can this be fixed or is there a reason for this? We can add contrib projects to demo...
Apr 25th Weekly Meetings
The Mail System and MimeMail modules are now installed. I'll let you know if they solve the problem. Edit: Using Mail System with MimeMail I was able to send plain text emails. There is...
HTML Email treated as plain text
If you haven't already I recommend installing Mail System and MimeMail. The latter will help format emails as HTML and first helps with configuring which module will handle the formatting...
HTML Email treated as plain text