How to Configure CORS Policies in App Platform

App Platform is a Platform-as-a-Service (PaaS) offering that allows developers to publish code directly to DigitalOcean servers without worrying about the underlying infrastructure.


Cross-Origin Resource Sharing (CORS) is used to permit loading of resources on other origins, such as a domain, protocol, or port, via HTTP headers. These permissions are granted via policies, which specify the approved origin and the match type that will be used to set the Access-Control-Allow-Origin header if the client’s origin matches the value you provide.

Editing the List of Approved Origins

Go to https://cloud.digitalocean.com/apps, click on your app, click Settings, and click the resource whose CORS policies you would like to edit. Under the HTTP Request Routes heading, click Edit and then click Configure CORS. In the Configure CORS window, you will be able to add an origin and specify which match type to use.

CORS Match Types

  • Exact: The Access-Control-Allow-Origin header will be set to the client’s origin only if the client’s origin exactly matches the value you provide.
  • Prefix: The Access-Control-Allow-Origin header will be set to the client’s origin if the beginning of the client’s origin matches the value you provide.
  • Regex: The Access-Control-Allow-Origin header will be set to the client’s origin if the client’s origin matches the regex you provide, in RE2 style syntax