How can conditionally add CORS header depending on request access origin?

Example:

If request.header.origin equals example.com then add cors for example.com

but if request.header.origin equals apigee.com then ad cors for apigee.com

how can I add the condition checking?

The goal is limiting CORS to a list of allowed origins.

I am not sure about what you are expecting as you know about request.header.origin flow variable. I guess you can use {request.header.origin} to automatically add the origin header.

<Headername="Access-Control-Allow-Origin">{request.header.origin}</Header>

If this is not what you are looking for, please explain in detail.

hey guys, I implemented something like that and it served me correctly.

In the proxy enpoint we must place in the preflow the next call of a Flowcallout to invoke a sharedflow which will have the policy of CORS

FC-CORS FC-OAuth2

Definition of flowcallout, where we invoke the sharedflow

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> FC-CORS OPTIONS-CORS-Headers-Response

definition of sharedflow

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> OPTIONS-CORS-Headers-Response request.verb == "OPTIONS"

definition of the policy of raisefull, where we will indicate the headers of Access-Control-Allow-Origin with * that will allow the invocation from our browser

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> OPTIONS CORS Headers Response * origin, x-requested-with, accept, ucsb-api-key, ucsb-api-version, authorization 3628800 GET, PUT, POST, DELETE 200 OK true

Regars