Forum Discussion

Altocumulus

Feb 05, 2026

Solved

CORS with API calls

Hello, Sorry if this is an obvious question -- we're very new to XC. We're using XC with one load balancer with CORS activated. It works fine for web applications but all API calls (to our internal...

Nikoolayy1
Feb 17, 2026
There is a disable options for the 2 policies in the advanced options under the route as stop them when they are globally enabled under the entire LB just for a route that matches specific URLs and hosts.

Teddy_Brewski

Altocumulus

Feb 16, 2026

Thank you Nikoolayy1

We confirmed that our API clients do not send origin header, hence it's blocked.

We use one load balancer with multiple routes where traffic is routed based on Host headers.

Cross-Site Request Forgery Protection option is enabled globally (on the load balancer level) with all domains listed. I see CORS Policy and CSRF Policy under Advanced Options (in Route section), but none are configured. How can I use XC routes?

Nikoolayy1

MVP

Feb 17, 2026

There is a disable options for the 2 policies in the advanced options under the route as stop them when they are globally enabled under the entire LB just for a route that matches specific URLs and hosts.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)