---
title: >-
  Storefront API allows for cross-origin resource sharing - Shopify developer
  changelog
description: >-
  Shopify’s developer changelog documents all changes to Shopify’s platform.
  Find the latest news and learn about new platform opportunities.
source_url:
  html: >-
    https://shopify.dev/changelog/storefront-api-allows-for-cross-origin-resource-sharing
  md: >-
    https://shopify.dev/changelog/storefront-api-allows-for-cross-origin-resource-sharing.md
metadata:
  effectiveApiVersion: ''
  affectedApi: []
  primaryTag:
    displayName: API
    handle: api
  secondaryTag:
    displayName: Update
    handle: update
  indicatesActionRequired: false
  createdAt: '2022-10-12T10:41:40-04:00'
  postedAt: '2022-10-06T00:00:00-04:00'
  updatedAt: '2024-02-02T10:05:08-05:00'
  effectiveAt: '2022-10-06T00:00:00-04:00'
---

October 6, 2022

Tags:

* API

# Storefront API allows for cross-origin resource sharing

Requests made to Storefront API from SSL provisioned domains that are registered in the domains list on the Admin Panel will now return a two new headers:

`Access-Control-Allow-Credentials: true` `Access-Control-Allow-Origin: ${origin_domain}`

With that mechanism in place, Storefront API securely shares resources such as cookies with the browser, allowing for cart events originated from API Clients other than Online Store to be accounted for in the conversion metrics out of the box, as long as the origin request complies with CORS policy.