# /sys/config/cors

The `/sys/config/cors` endpoint is used to configure CORS settings.

* **`sudo` required** – All CORS endpoints require `sudo` capability in addition to any path-specific capabilities.

### Read CORS settings

This endpoint returns the current CORS configuration.

| Method | Path               |
| ------ | ------------------ |
| `GET`  | `/sys/config/cors` |

#### Sample request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/sys/config/cors
```

#### Sample response

```json
{
  "enabled": true,
  "allowed_origins": ["http://www.example.com"],
  "allowed_headers": [
    "Content-Type",
    "X-Requested-With",
    "X-Vault-AWS-IAM-Server-ID",
    "X-Vault-No-Request-Forwarding",
    "X-Vault-Token",
    "Authorization",
    "X-Vault-Wrap-Format",
    "X-Vault-Wrap-TTL"
  ]
}
```

### Configure CORS settings

This endpoint allows configuring the origins that are permitted to make cross-origin requests, as well as headers that are allowed on cross-origin requests.

| Method | Path               |
| ------ | ------------------ |
| `POST` | `/sys/config/cors` |

#### Parameters

* `allowed_origins` `(string or string array: <required>)` – A wildcard (`*`), comma-delimited string, or array of strings specifying the origins that are permitted to make cross-origin requests.
* `allowed_headers` `(string or string array: "" or [])` – A comma-delimited string or array of strings specifying headers that are permitted to be on cross-origin requests. Headers set via this parameter will be appended to the list of headers that Vault allows by default.

#### Sample payload

```json
{
  "allowed_origins": "*",
  "allowed_headers": "X-Custom-Header"
}
```

#### Sample request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/config/cors
```

### Delete CORS settings

This endpoint removes any CORS configuration.

| Method   | Path               |
| -------- | ------------------ |
| `DELETE` | `/sys/config/cors` |

#### Sample request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/sys/config/cors
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/vault/api/system-backend/sys-config-cors.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.