Handling Cross Origin Requests
  • 03 Aug 2023

Overview

CORS, or Cross-Origin Resource Sharing, is an HTTP-header-based mechanism that lets a server indicate which origins other than its own a browser may load its resources from. For some requests, the browser first makes a "preflight" request to the server hosting the cross-origin resource to check that the server will permit the actual request. Decisions can handle simple requests (GET, POST, etc.); however, requests with preflight checks require changes to the Decisions web.config and Settings.xml files to succeed.

To allow Decisions to be opened in an IFrame, some additional steps are needed, such as enabling SingleSignOn in Settings.xml and allowing SameSite cookies to be accepted.

Example

To enable cross-origin requests, Decisions will require changes to the web.config and the Settings.xml file. Once these changes have been made, restart Decisions.

For the web.config file:

  • Locate the httpProtocol tag. Under the tag, include the below segment:
<httpProtocol>
 <customHeaders>
  <!-- X-Frame-Options value: either "SAMEORIGIN" or "[URLToFrame]" -->
  <add name="X-Frame-Options" value="SAMEORIGIN" />
  <add name="Access-Control-Allow-Origin" value="*" />
  <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD" />
  <add name="Access-Control-Allow-Credentials" value="true" />
  <add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" />
 </customHeaders>
</httpProtocol>
For a standard installation, the web.config file will be located here: C:\Program Files\Decisions\Decisions Web Host
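
To see which cross-origin requests the header set above actually permits, the following added example (not Decisions code) parses a customHeaders segment and applies a simplified version of the browser's preflight check. The sample XML is constructed to mirror the segment above, and the function names and test origins are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the customHeaders segment shown in the article.
WEB_CONFIG = """<httpProtocol>
 <customHeaders>
  <add name="X-Frame-Options" value="SAMEORIGIN" />
  <add name="Access-Control-Allow-Origin" value="*" />
  <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD" />
  <add name="Access-Control-Allow-Credentials" value="true" />
  <add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" />
 </customHeaders>
</httpProtocol>"""

SAFELISTED_METHODS = {"GET", "HEAD", "POST"}  # never need to be listed

def load_headers(xml_text):
    """Map lower-cased header name -> configured value."""
    root = ET.fromstring(xml_text)
    return {a.get("name").lower(): a.get("value") for a in root.iter("add")}

def _tokens(value):
    """Split a comma-separated header value into lower-cased tokens."""
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}

def preflight_allows(headers, origin, method, req_headers=(), credentials=False):
    """Simplified browser-side preflight check; returns (allowed, reason).
    req_headers: non-safelisted header names the calling script wants to send."""
    acao = headers.get("access-control-allow-origin")
    if credentials:
        # With credentials, "*" is not treated as a wildcard and
        # Access-Control-Allow-Credentials must be exactly "true".
        if acao == "*":
            return False, "wildcard origin with credentials"
        if headers.get("access-control-allow-credentials") != "true":
            return False, "credentials not allowed"
    if acao not in ("*", origin):
        return False, "origin not allowed"
    allowed_methods = _tokens(headers.get("access-control-allow-methods"))
    if method.upper() not in SAFELISTED_METHODS and method.lower() not in allowed_methods:
        return False, "method not allowed"
    allowed_headers = _tokens(headers.get("access-control-allow-headers"))
    missing = [h for h in req_headers if h.lower() not in allowed_headers]
    if missing:
        return False, "header not allowed: " + ", ".join(missing)
    return True, "ok"
```

Browsers reject credentialed cross-origin responses when Access-Control-Allow-Origin is "*", so a deployment that relies on cookies has to return the specific calling origin instead of the wildcard.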

For the Settings.xml:

<CustomHeaders>
 <CustomHeader>
  <Name>Content-Security-Policy</Name>
  <Value>https://*.example.com</Value>
 </CustomHeader>
</CustomHeaders>
For a standard installation, the Settings.xml file will be located here: C:\Program Files\Decisions\Decisions Server
