> ## Documentation Index
> Fetch the complete documentation index at: https://docs.law4devs.eu/llms.txt
> Use this file to discover all available pages before exploring further.

# CORS Policy

> Cross-origin request configuration for browser-based integrations

Law4Devs supports cross-origin requests so you can call the API directly from browser
applications. CORS is configured at the infrastructure level — no extra setup is needed
for most use cases.

## Allowed Configuration

| Property            | Value                                        |
| ------------------- | -------------------------------------------- |
| **Allowed methods** | `GET`, `OPTIONS`                             |
| **Allowed origins** | `*`                                          |
| **Allowed headers** | `Content-Type`, `Authorization`, `X-API-Key` |
| **Preflight cache** | 3600 seconds (1 hour)                        |

<Note>
  The API is read-only — only `GET` requests are permitted. `OPTIONS` is allowed for
  CORS preflight checks.
</Note>

## Browser Example

```typescript theme={null}
const response = await fetch(
  'https://api.law4devs.eu/v1/frameworks',
  {
    headers: {
      'X-API-Key': import.meta.env.VITE_LAW4DEVS_API_KEY,
    },
  }
);

const data = await response.json();
console.log(data.data);
```

<Warning>
  Never expose your API key in a browser application's source code or public repository.
  Use environment variables and server-side proxying for production browser integrations.
</Warning>
