CORS settings

These settings used to control CORS options.

pydantic model horizon.backend.settings.server.cors.CORSSettings

CORS Middleware Settings.

See CORSMiddleware documentation.

Note

You can pass here any extra option supported by CORSMiddleware, even if it is not mentioned in documentation.

Examples

For development environment:

HORIZON__SERVER__CORS__ENABLED=True
HORIZON__SERVER__CORS__ALLOW_ORIGINS="*"
HORIZON__SERVER__CORS__ALLOW_METHODS="*"
HORIZON__SERVER__CORS__ALLOW_HEADERS="*"
HORIZON__SERVER__CORS__EXPOSE_HEADERS=X-Request-ID,Location,Access-Control-Allow-Credentials

For production environment:

HORIZON__SERVER__CORS__ENABLED=True
HORIZON__SERVER__CORS__ALLOW_ORIGINS="production.example.com"
HORIZON__SERVER__CORS__ALLOW_METHODS="GET"
HORIZON__SERVER__CORS__ALLOW_HEADERS="X-Request-ID,X-Request-With"
HORIZON__SERVER__CORS__EXPOSE_HEADERS="X-Request-ID"
# custom option passed directly to middleware
HORIZON__SERVER__CORS__MAX_AGE=600

Fields:

• allow_credentials (bool)

• allow_headers (List[str])

• allow_methods (List[str])

• allow_origins (List[str])

• enabled (bool)

• expose_headers (List[str])

field enabled: bool = True

Set to True to enable middleware

field allow_origins: List[str] [Optional]

Domains allowed for CORS

field allow_credentials: bool = False

If True, cookies should be supported for cross-origin request

field allow_methods: List[str] = ['GET']

HTTP Methods allowed for CORS

field allow_headers: List[str] = ['X-Request-ID', 'X-Request-With']

HTTP headers allowed for CORS

field expose_headers: List[str] = ['X-Request-ID']

HTTP headers exposed from backend

class Config