Data API CORS setting

Hello, is it possible to specify the CORS settings for the Data API?

Currently, I’ve got an external app (served from a different domain) that is able to list and create my resources, but is not able to delete them due to: “Method DELETE is not allowed by Access-Control-Allow-Methods in preflight response.”.

Some more info:

  • These requests are being sent with no authentication.
  • The “Delete via API” permission is enabled in the default permissions for this resource - this seems to be independent.
  • I’m testing all of this in the “Development” version. Not sure if it makes a difference.

Alternatively, is there another way to make this work?

Thank you,

1 Like