Configuring Allowed Domains - Hyland Clinician Window - 23.1 - 23.1 - Other - external

To allow other domains to connect to the Clinician Window API, you must specify the domains allowed to make web service requests.

To configure allowed domains:

  1. Open the appsettings.Production.json file of the Clinician Window API in a plain-text editor. In a default installation, this file is located at: C:\Program Files\Hyland\HCW_API
  2. Update the attributes of the Host element to determine which domains are allowed to connect to the Clinician Window API. Modify one of the following settings:

    Setting: AllowedOrigins

    Description: Controls which domains are allowed to make web service requests. You must enter the domain of the Clinician Window UI component as one of the allowed domains.

    Use semicolons to separate multiple domains, as shown in the following example:

    { "AllowedOrigins": "a.com;b.com" }

    Use the * character as a wildcard if necessary.

    CAUTION: Using * to allow all domains to make web service requests can cause security vulnerabilities in your environment. It is recommended that specific domains are configured for the AllowedOrigins setting.

    Setting: EnableSameOrigin

    Description: Determines whether the BFF server allows only domains from the same root URI as the BFF server.

    When set to false, the BFF server uses the configured list of approved domains from the AllowedOrigins setting. By default, the EnableSameOrigin setting is set to false.

    When set to true, any domains entered in the AllowedOrigins setting are ignored and only clients from the same root URI as the BFF server are allowed. For example, if the root URI of the BFF server is https://my.domain:1111/BFF, then requests coming from https://my.domain:1111/UI are allowed because they share the same scheme (https), domain (my.domain), and port number (1111).

    Note: If the AllowedOrigins setting is not configured and the EnableSameOrigin setting is set to false, the Clinician Window API will not start.

  3. Save and close the appsettings.Production.json file.
  4. Recycle the application pool of the Clinician Window API for the changes to take effect.
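
A pre-flight check for the two settings above, to run before recycling the application pool. This is an added example, not Hyland code: the function name Test-HcwAllowedOrigins and the sample values are hypothetical, and it assumes the settings sit under a "Host" object in the JSON (it also accepts them at the top level).

```powershell
# Added example, not part of the product. Reports the conditions the procedure warns about.
function Test-HcwAllowedOrigins {
    param(
        [Parameter(Mandatory)] [string] $Json,      # contents of appsettings.Production.json
        [Parameter(Mandatory)] [string] $UiDomain   # domain of the Clinician Window UI component
    )
    $config = $Json | ConvertFrom-Json
    # Assumption: settings live under "Host"; fall back to the top level if it is absent.
    $hostSection = if ($config.PSObject.Properties['Host']) { $config.Host } else { $config }

    # EnableSameOrigin defaults to false when it is not present.
    $sameOrigin = $false
    if ($hostSection.PSObject.Properties['EnableSameOrigin']) {
        $sameOrigin = [System.Convert]::ToBoolean($hostSection.EnableSameOrigin)
    }
    # AllowedOrigins is one semicolon-separated string; drop empty entries.
    $origins = @()
    if ($hostSection.PSObject.Properties['AllowedOrigins']) {
        $origins = @("$($hostSection.AllowedOrigins)" -split ';' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }

    $findings = @()
    if ($sameOrigin) {
        if ($origins.Count -gt 0) {
            $findings += 'INFO: EnableSameOrigin is true, so AllowedOrigins is ignored.'
        }
    } elseif ($origins.Count -eq 0) {
        $findings += 'ERROR: AllowedOrigins is not configured and EnableSameOrigin is false; the API will not start.'
    } elseif ($origins | Where-Object { $_.Contains('*') }) {
        $findings += 'WARN: AllowedOrigins contains a * wildcard; configure specific domains instead.'
    } elseif ($origins -notcontains $UiDomain) {
        # Exact-match check only; skipped above when a wildcard is present.
        $findings += "WARN: UI domain '$UiDomain' is not listed in AllowedOrigins."
    }
    return $findings
}

# Constructed sample input (not a real configuration).
$sample = '{ "Host": { "AllowedOrigins": "a.com;*", "EnableSameOrigin": false } }'
Test-HcwAllowedOrigins -Json $sample -UiDomain 'ui.example.com'

# Against the real file (fill in the path from step 1 and your UI domain):
# Test-HcwAllowedOrigins -Json (Get-Content -Raw '<path to appsettings.Production.json>') -UiDomain '<UI domain>'
```

An empty result means none of the flagged conditions were found. If the file contains comments, run the check in PowerShell 7, because ConvertFrom-Json in Windows PowerShell 5.1 rejects them.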