Docs Standalone Kubernetes Blog Enterprise Community Get Started GitHub

CORS

Attach to:

Route

Cross-origin resource sharing (CORS) CORS (Cross-Origin Resource Sharing) A security mechanism that allows web pages to make requests to a different domain than the one serving the web page. Agentgateway can configure CORS headers to control cross-origin access. is a browser security mechanism which allows a server to control which origins can request resources.

Tip

CORS is enforced on the browser, not the server. Requests that violate the CORS policy will still have responses returned, but the browser will reject them. As such, usage of tools like curl with cors can be confusing, as curl does not respect CORS headers.

Example:

cors:
  allowOrigins:
  - "*"
  allowHeaders:
  - mcp-protocol-version
  - content-type
  allowCredentials: true
  exposeHeaders:
  - x-my-header
  maxAge: 100s
Backend TLSCSRF
Agentgateway assistant

Ask me anything about agentgateway configuration, features, or usage.

Note: AI-generated content might contain errors; please verify and test all returned information.

↑↓ navigate select esc dismiss