Cross Origin Resource Sharing
Information about CORS support in the OneBalance API
The OneBalance API implements Cross Origin Resource Sharing (CORS) to allow requests from browsers on different domains.
Overview
CORS support enables web applications to make AJAX requests to the OneBalance API from domains different from where the API is hosted. This is essential for implementing features like dashboards or control panels that utilize the API.
How CORS Works
When a browser makes a cross-origin request:
- For non-simple requests (like PUT, DELETE, or with custom headers), the browser first sends a “preflight” request using the OPTIONS method
- This preflight request includes the Origin header identifying the requesting domain
- The server responds with headers describing the allowed constraints
- If the actual request falls within these constraints, the browser proceeds with the actual request
CORS Headers
The OneBalance API responds with the following CORS headers:
Header | Description |
---|---|
Access-Control-Allow-Origin | The domain that sent the request (from the Origin header) |
Access-Control-Allow-Methods | The HTTP methods allowed for cross-origin requests (typically includes all available methods) |
Access-Control-Expose-Headers | Headers that will be accessible to requests from the origin domain |
Access-Control-Max-Age | How long (in seconds) the preflight response can be cached before another preflight is needed |
Access-Control-Allow-Credentials | Set to true to allow sending authentication credentials (like Access tokens) with the request |
Client Implementation
Most browsers handle CORS details automatically. Your JavaScript code can make requests to the OneBalance API endpoints as it would to any API, and the browser will manage the preflight requests and handle the CORS headers.
Server Implementation in Next.js
In a Next.js application using the App Router, you can set CORS headers for a specific Route Handler using the standard Web API methods:
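One way to write such a Route Handler, as an added example that is not OneBalance's own code: it echoes the Origin only on an exact allowlist match and sets Vary: Origin, which matters whenever Access-Control-Allow-Credentials is true. The file path, allowlisted origins, allowed request headers and Max-Age value are assumptions.

```javascript
// Added example: app/api/status/route.js (hypothetical path).
// Constructed allowlist; replace with the origins your deployment trusts.
const ALLOWED_ORIGINS = new Set([
  'https://dashboard.example.com',
  'https://admin.example.com',
]);

// Build CORS headers for one request. The Origin is echoed only on an exact
// allowlist match: a credentialed response cannot use "*", and echoing every
// Origin would let any site read authenticated responses.
function corsHeaders(origin) {
  const headers = new Headers({ Vary: 'Origin' }); // keep caches per-origin
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers.set('Access-Control-Allow-Origin', origin);
    headers.set('Access-Control-Allow-Credentials', 'true');
    headers.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
    headers.set('Access-Control-Allow-Headers', 'Content-Type, Authorization');
    headers.set('Access-Control-Max-Age', '600'); // seconds; assumed value
  }
  return headers;
}

// Preflight: answer OPTIONS with the constraints and no body.
function OPTIONS(request) {
  const headers = corsHeaders(request.headers.get('origin'));
  const allowed = headers.has('Access-Control-Allow-Origin');
  return new Response(null, { status: allowed ? 204 : 403, headers });
}

// Actual request: same header logic, so preflight and response agree.
// Without an allowlisted Origin no CORS headers are sent, and the browser
// withholds the response from the calling page.
function GET(request) {
  const headers = corsHeaders(request.headers.get('origin'));
  headers.set('Content-Type', 'application/json');
  return new Response(JSON.stringify({ ok: true }), { status: 200, headers });
}

// In a Next.js route.js file, export the handlers:
//   export { OPTIONS, GET };
```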