How to Enable CORS Using HTTP Listener Interceptors

  1. Home
  2. Blog
  3. How to Enable CORS Using HTTP Listener Interceptors
  • Mulesoft
  • 21 May,2025

Enable CORS in MuleSoft with HTTP Listener Interceptors for Cross-Domain API Access

PHPWord

Introduction

Cross-Origin Resource Sharing (CORS) is essential when integrating MuleSoft APIs with frontend applications running on different domains. Without proper CORS configuration, browsers block requests due to security restrictions. In this blog, we'll explore how to enable CORS in MuleSoft using <http:listener-interceptors>.

 

Why CORS is Important?

When a frontend application (Angular, React, Vue, etc.) makes an API request to a MuleSoft backend running on a different domain, the browser enforces the same-origin policy, preventing cross-domain requests. CORS headers allow the backend to specify which domains can access the API.

 

Enabling CORS in MuleSoft

To allow cross-origin requests, we need to configure CORS interceptors inside the HTTP Listener configuration.

Example Configuration

Add the following configuration in your MuleSoft project inside the HTTP Listener:

<http:listener-interceptors>

<http:cors-interceptor allowCredentials="true">

<http:origins>

<http:public-resource />

</http:origins>

</http:cors-interceptor>

</http:listener-interceptors>

</http:listener-config>

 

Share -