CORS allow origins

Description

A whitelist of origins allowed to make cross-site requests to the UX component.

Discussion

Browsers automatically block requests made from one website to another unless a CORS policy explicitly allows access to the requesting site (origin). For example, if an application running on site www.example.com makes a request to www.someservice.org, the browser will not allow the site www.example.com to read the response from www.someservice.org unless www.someservice.org includes a CORS policy that allows the origin www.example.com to access the site. CORS allow origins can be used to list the origins that are allowed to make cross-site requests to your application.

CORS allow origins can either be the value * (all origins) or a comma-delimited list of explicit origins allowed to make cross site requests to the UX component. For instance, if you would like to allow a page located at https://example.s3.amazonaws.com/example/index.html to make requests to an Alpha Anywhere app at https://myserver.example.com/, the origin to allow is https://example.s3.amazonaws.com/example. CORS allow origins defaults to *, allowing all origins to make a cross site request to the UX component.

Checking this option adds Access-Control-Allow-Origin to the header response sent to the origin that makes the request.

This setting is only available if Add CORS headers is checked.

See Also

• Add CORS headers
• CORS allow private network