Module Development

Access an API from the Browser with Cross-Origin Resource Sharing for Drupal 8, 9, and 10

JavaScript applications are the most common type of consumers. They are commonly used to create a website that runs in a web browser. Running decoupled applications in the browser will involve Cross-Origin Resource Sharing (CORS), which requires some setup on the Drupal side in order to work.

In this tutorial we'll:

  • Learn about what CORS is and when/why we need to care about it
  • Configure Drupal to return an appropriate CORS header, enabling browser-based consumers access to our API

By the end of this tutorial you will have a better understanding of CORS, and how to configure Drupal to serve an API that works with CORS.