The Galxe platform uses a Cross-Origin Resource Sharing (CORS) check mechanism to ensure that the target API explicitly authorizes calls from the Galxe backend. The role of CORS is to verify whether the API accepts cross-origin requests, ensuring the legality and security of interactions. The target API can authorize access for Galxe by specifying the source or using a wildcard (*).
When Galxe calls third-party APIs from the backend, it is necessary to confirm whether these APIs have open access permissions. The CORS configuration authorizes access by returning the Access-Control-Allow-Origin
header:
Designated Source: Such as https://dashboard.galxe.com
.
Wildcard (*
): Allows all sources, including Galxe.
CORS checks can prevent:
Data Breach: Prevent unauthorized sources from accessing the API.
Abuse of Functionality: Restrict the scope of API calls.
The target API can be authorized in two ways:
Designated Source: More stringent configuration, allowing requests only from Galxe.
Specify the allowed HTTP methods, for example:
Galxe requires that the target API supports OPTIONS requests to verify that the CORS configuration is correct.
The target API needs to support the following CORS configuration:
Open Authorization:
Designated Source Authorization:
The target server must appropriately respond to preflight requests:
Recommended to Use curl Command
Correct Response Example
Because Galxe’s check only verifies whether the target API supports cross-origin, * indicates that all origins are authorized, including Galxe, which meets the requirements.
The target API may not be handling preflight requests correctly. Ensure that OPTIONS requests are supported and that a complete CORS configuration is returned.
The Galxe platform uses a Cross-Origin Resource Sharing (CORS) check mechanism to ensure that the target API explicitly authorizes calls from the Galxe backend. The role of CORS is to verify whether the API accepts cross-origin requests, ensuring the legality and security of interactions. The target API can authorize access for Galxe by specifying the source or using a wildcard (*).
When Galxe calls third-party APIs from the backend, it is necessary to confirm whether these APIs have open access permissions. The CORS configuration authorizes access by returning the Access-Control-Allow-Origin
header:
Designated Source: Such as https://dashboard.galxe.com
.
Wildcard (*
): Allows all sources, including Galxe.
CORS checks can prevent:
Data Breach: Prevent unauthorized sources from accessing the API.
Abuse of Functionality: Restrict the scope of API calls.
The target API can be authorized in two ways:
Designated Source: More stringent configuration, allowing requests only from Galxe.
Specify the allowed HTTP methods, for example:
Galxe requires that the target API supports OPTIONS requests to verify that the CORS configuration is correct.
The target API needs to support the following CORS configuration:
Open Authorization:
Designated Source Authorization:
The target server must appropriately respond to preflight requests:
Recommended to Use curl Command
Correct Response Example
Because Galxe’s check only verifies whether the target API supports cross-origin, * indicates that all origins are authorized, including Galxe, which meets the requirements.
The target API may not be handling preflight requests correctly. Ensure that OPTIONS requests are supported and that a complete CORS configuration is returned.