The trust model for HCP Vault protects the operations invoked in the root
admin), including all system configurations.
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. For more information, refer to the Cross-Origin Resource Sharing (CORS) documentation.
Vault allows you to manage CORS settings for your UI. Refer to the Vault API
documentation to learn
/sys/config/cors API endpoint.
You can manage the CORS settings for your UI using the HCP portal or via API.
»Custom UI headers
Some security systems require the UI to serve custom headers to improve the security of the underlying system. Vault allow you to manage custom headers to be served by the UI. See the Vault API documentation for detail.
You can manage those UI header settings using the HCP portal or the API.