This is part of #378, since this is something possible in D8.2.x: https://www.drupal.org/node/2715637
As of Drupal 8.2, it's possible to opt in a particular site to enable CORS for responses served by Drupal.
(This is particularly helpful for fully decoupled Drupal sites which have JS that needs to talk to a Drupal 8 site's REST API. In such cases, that Drupal 8 instance often runs on a separate domain. Due to the same origin policy those requests will be blocked by the browser.)
This is not enabled by default because there are security consequences.
New in default.services.yml:
# Configure Cross-Site HTTP requests (CORS). # Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS # for more information about the topic in general. # Note: By default the configuration is disabled. cors.config: enabled: false # Specify allowed headers, like 'x-allowed-header'. allowedHeaders: [] # Specify allowed request methods, specify ['*'] to allow all possible ones. allowedMethods: [] # Configure requests allowed from specific origins. allowedOrigins: ['*'] # Sets the Access-Control-Expose-Headers header. exposedHeaders: false # Sets the Access-Control-Max-Age header. maxAge: false # Sets the Access-Control-Allow-Credentials header. supportsCredentials: falseNote particular that
enabled: falsekey-value pair!
GitHub Issue #:
3350
Recent comments
No problem, let's see how it evolves. I'd be happy to provide a suggested version if i could. I will keep that in mind and try learn this hook chain hopefully very soon. I will...
File hashing uploads made through TinyMCE
I could request hashing support, but that's the lazy way 🤣 I would appreciate it if you as an active maintainer would 'officially' add a hashing support...
File hashing uploads made through TinyMCE
Hi, i understand the updating obstacle - not worth mentioning - hence it is a wacky (but working) patch until i know what to do. :-) One of my biggest wishes is to understand the hook...
File hashing uploads made through TinyMCE