How to Update CORS Policies in App Platform

Cross-Origin Resource Sharing (CORS) is used to permit loading of resources on other origins, such as a domain, protocol, or port, via HTTP headers. These permissions are granted via policies, which specify the approved origin and the match type that will be used to set the Access-Control-Allow-Origin header if the client’s origin matches the value you provide.

Editing the List of Approved Origins

Go to https://cloud.digitalocean.com/apps, click on your app, click Components, and click the component whose CORS policies you would like to edit. Under the CORS Policy heading, you will be able to add an origin and specify which match type to use.

CORS Match Types

  • Exact: The Access-Control-Allow-Origin header will be set to the client’s origin only if the client’s origin exactly matches the value you provide.
  • Prefix: The Access-Control-Allow-Origin header will be set to the client’s origin if the beginning of the client’s origin matches the value you provide.
  • Regex: The Access-Control-Allow-Origin header will be set to the client’s origin if the client’s origin matches the regex you provide, in RE2 style syntax
A component in App Platform is any deployable, billable, run-time software element in your app. A component can be a database, a service, a worker, or a static site.