OPTIONS & CORS

To enable Cross-Origin Resource Sharing (CORS) for Actions clients (including blinks), all Action endpoints must handle HTTP OPTIONS requests with appropriate headers. This ensures clients can successfully pass CORS checks for all subsequent requests from the same origin domain. An Actions client may perform 'preflight' requests to the Action URL endpoint in the form of an OPTIONS HTTP method to check if the GET request will pass all CORS checks. The OPTIONS method should respond with all the required HTTP headers to allow clients (like blinks) to properly make all the subsequent requests from the origin domain.

The minimum required HTTP headers are:

Access-Control-Allow-Origin with a value of *
Access-Control-Allow-Methods with a value of GET,POST,PUT,OPTIONS
Access-Control-Allow-Headers with a minimum value of Content-Type, Authorization, Content-Encoding, Accept-Encoding

CORS Headers for Actions.json The actions.json file response must also return valid CORS headers for GET and OPTIONS requests as noted in the actions.json section of these docs

PreviousAction Chaining NextExecution & Lifecycle

Last updated 1 month ago