Handling Cross Origin Requests
- 03 Aug 2023
- 1 Minute to read
- Print
- DarkLight
Handling Cross Origin Requests
- Updated on 03 Aug 2023
- 1 Minute to read
- Print
- DarkLight
Article Summary
Share feedback
Thanks for sharing your feedback!
Overview
CORS, or Cross-Origin Resource Sharing, is an HTTP-header-based mechanism that allows a browser to load resources from any origin. The browser will make a "preflight" request to the server hosting the cross-origin resource to check that the server will permit the actual request. Decisions can handle simple requests (GET, POST, etc.); however, requests with preflight checks will require changes to the Decisions web.config and Settings.xml files for the requests to succeed.
For allowing Decisions to be open in an IFrame, some additional steps are needed, such as enabling SingleSignOn in the Settings.xml and allowing SameSite cookies to be accepted.
Example
To enable cross-origin requests, Decisions will require changes to the web.config and the Settings.xml file. Once these changes have been made, restart Decisions.
For the web.config file:
- Locate the httpProtocol tag. Under the tag, include the below segment:
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value=”SAMEORIGIN” or "[URLToFrame]"/>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, PUT, POST,DELETE, HEAD"/>
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" />
</customHeaders>
</httpProtocol>For a standard installation, the web.config file will be located here: C:\Program Files\Decisions\Decisions Web Host
For the Settings.xml:
<CustomHeaders>
<CustomHeader>
<Name>Content-Security-Policy</Name>
<Value>https://*.example.com</Value>
</CustomHeader>
</CustomHeaders>
For a standard installation, the Settings.xml file will be located here: C:\Program Files\Decisions\Decisions Server
Was this article helpful?
