Can I specify more than one origin in CORS policy?

Solution Unverified - Updated -


  • When configuring the CORS policy, the field allow_origin expects only one origin (e.g. or *). If left blank, the value of the Origin request header will be used. Is there a workaround to specify more than one Origin?


  • Red Hat 3scale API Management
    • SaaS
    • On-premises 2.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In