Blog

Oracle Cloud API Gateway with Functions: CORS policies, deployment stages, and backend TLS verification

OCI API Gateway supports CORS policies as a first-class resource—attach them to routes that serve browser clients.

Published: 2028-04-26Updated: 2028-04-281 min read

oracleapi-gatewaycors

Compartments

IAM policies span compartments—misconfigured policies can block OPTIONS before CORS runs.

Audit logs should capture policy changes alongside gateway deployments.

Cross-region failover changes DNS—update Allow-Origin lists when primary region shifts.