/config/settings.cfm
file: set(allowCorsRequests=true);
.set(allowCorsRequests=true);
in our /config/settings.cfm
to turn on the main CORS functionality, but we can now provide some additional configuration options to fine tune our responses.app.domain.com
and we only want to allow access from that domain to our API.localhost:8080
in /config/development/settings.cfm
for example.GET, POST, PATCH, PUT, DELETE, OPTIONS
. If our API only allows specific methods, we can specify them: note that this is application-wide and not dependent on route./cats
might only allow GET,POST
requests, and /cats/1/
might only allow GET,PUT,PATCH,DELETE
requests.set(accessControlAllowMethodsByRoute=true)
will override set(accessControlAllowMethods())