Handling Cross Origin Requests
  • 27 Sep 2024

Overview

CORS, or Cross-Origin Resource Sharing, is an HTTP-header-based mechanism that lets a server indicate which origins other than its own a browser may load its resources from. By default, browsers block requests from outside origins as a security feature; enabling CORS relaxes that restriction for the specified websites. For some requests, the browser first makes a preflight request to the server hosting the cross-origin resource to check that the server will permit the actual request. Decisions can handle simple requests (GET, POST, etc.) out of the box; however, requests with preflight checks will require changes to the Decisions Settings.xml files for the requests to succeed.
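
To tell whether a given call is a simple request or one that is preflighted, the following added example (not Decisions code) models, in simplified form, which requests a browser preflights and whether it accepts the preflight response. All function names and sample values are hypothetical, and it assumes requests sent without credentials.

```javascript
// Simplified model of the browser's CORS preflight decision (added example).
// Function names and sample values are hypothetical, not part of Decisions.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "range"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// Lower-cased names of request headers that are not CORS-safelisted.
function unsafeHeaders(headers) {
  return Object.entries(headers)
    .filter(([name, value]) => {
      const n = name.toLowerCase();
      if (n !== "content-type") return !SAFE_HEADERS.has(n);
      const mime = String(value).split(";")[0].trim().toLowerCase();
      return !SAFE_CONTENT_TYPES.has(mime);
    })
    .map(([name]) => name.toLowerCase());
}

// True when the browser sends an OPTIONS preflight before the real request.
function needsPreflight(method, headers = {}) {
  return !SAFE_METHODS.has(method.toUpperCase()) || unsafeHeaders(headers).length > 0;
}

const list = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);

// Would the browser accept this preflight response for a request sent without
// credentials? `res` is { status, headers } with lower-cased header names.
function preflightAllows(res, origin, method, headers = {}) {
  if (res.status < 200 || res.status > 299) return false;
  const allowOrigin = res.headers["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== origin) return false; // exact match only
  const m = method.toUpperCase();
  const methods = list(res.headers["access-control-allow-methods"]);
  if (!SAFE_METHODS.has(m) && !methods.includes(m) && !methods.includes("*")) return false;
  const allowed = list(res.headers["access-control-allow-headers"]).map((h) => h.toLowerCase());
  // "*" covers every header except Authorization, which must be listed by name.
  return unsafeHeaders(headers).every(
    (h) => allowed.includes(h) || (allowed.includes("*") && h !== "authorization"));
}

// Constructed sample: a JSON PUT from https://app.example.com.
const sample = { status: 204, headers: {
  "access-control-allow-origin": "https://app.example.com",
  "access-control-allow-methods": "PUT, DELETE",
  "access-control-allow-headers": "Content-Type" } };
console.log(needsPreflight("PUT", { "Content-Type": "application/json" }),
  preflightAllows(sample, "https://app.example.com", "PUT", { "Content-Type": "application/json" }));
```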

To allow Decisions to be opened in an IFrame, some additional steps are needed, such as enabling SingleSignOn in the Settings.xml and allowing SameSite cookies to be accepted.

Example

To enable cross-origin requests, Decisions will require changes to the CustomHeaders section of the Settings.xml file. Enter the URL of the origin that needs to be allowed. Once these changes have been made, restart Decisions.

For the Settings.xml:

<CustomHeaders>
 <CustomHeader>
  <Name>Content-Security-Policy</Name>
  <Value>https://*.example.com</Value>
 </CustomHeader>
</CustomHeaders>

For a standard installation, the Settings.xml file will be located here: C:\Program Files\Decisions\Decisions Server
