The CORS protocol helps developers control if and how REST resources served by their applications can be shared across origins. Helidon SE includes an implementation of CORS that you can use to add CORS behavior to the services you develop. You can define your application’s CORS behavior programmatically using the Helidon CORS API alone, or together with configuration. Helidon also provides three built-in services that add their own endpoints to your application - health, metrics, and OpenAPI - that have integrated CORS support. By adding very little code to your application, you control how all the resources in your application — the ones you write and the ones provided by the Helidon built-in services — can be shared across origins.

Before you revise your application to add CORS support, you need to decide what type of cross-origin sharing you want to allow for each resource your application exposes. For example, suppose for a given resource you want to allow unrestricted sharing for GET, HEAD, and POST requests (what CORS refers to as "simple" requests), but permit other types of requests only from the two origins foo.com and there.com. Your application would implement two types of CORS sharing: more relaxed for the simple requests and stricter for others.

Once you know the type of sharing you want to allow for each of your resources — including any from built-in services — you can change your application accordingly.

To introduce CORS into your Helidon SE application, do any or all of the following:

• Modify your code using the Helidon SE CORS API. Learn more.

• Use configuration in combination with the Helidon SE CORS API to add CORS to your application. Learn more.

• Update your application to include any of the built-in Helidon services that automatically support CORS. Learn more.