Allowing CORS from a Foreign Domain - Public Sector Constituency Web Access - Foundation 24.1 - Foundation 24.1 - Ready - OnBase - external

Public Sector Constituency Web Access

Platform
OnBase
Product
Public Sector Constituency Web Access
Release
Foundation 24.1
License

The following configuration is required if the front-end client files are hosted on a different machine or host than the API, even if the only change is a domain name or port.

To allow for the API to be accessed from one external domain, the domain your front-end is hosted on, change the value of the Access-Control-Allow-Origin attribute to the exact hostname (including protocol, such as https).

The following example shows how to configure CORS with http://www.example.com as the allowed foreign domain which hosts the front-end client.

<httpProtocol>
<customHeaders>
<!-- Comma-separated list of origins that are allowed to make requests to this API. Enables cross-origin resource sharing (CORS) to these hosts. -->
<add name="Access-Control-Allow-Origin" value="http://www.example.com" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
</customHeaders>
</httpProtocol>