Skip to main content

Cross-Origin Resource Sharing (CORS) configuration in InCountry

Adding CORS headers in REST API

You need to add CORS policies to allow the browser to access the REST API. To do this:

  1. Open the environment where you want to add CORS settings.

  2. In the navigation sidebar, select the Access Policies menu item.

  3. On the Access Policies page, click the Create policy button or edit existing access policies.

  4. In the Add Access Policy form, scroll to Custom CORS settings and click Configure.

  5. Add origins to Allow Origin List or check the Allow any origin checkbox.

  6. When complete, create or update the policy.

Adding CORS headers in Web Services

In some cases, you may have to override CORS policies that are proxied through the Web Services. For doing this:

  1. Edit the Web Services endpoint.

  2. Check the Enable CORS box.

  3. Specify the Access-Control-Allow-Origin header.

  4. Save the Web Services endpoint.

info

If you don’t override CORS headers through the Web Services endpoint but specify them on your application backend, then Web Services will just proxy a request with their CORS headers to your application frontend from the backend.

info

If you don’t override CORS headers through the Web Services endpoint and don’t specify them on your application backend, then Web Services will apply the default headers, as follows:

Access-Control-Allow-Origin: '*' Access-Control-Allow-Credentials: 'true' Access-Control-Allow-Headers: 'Origin, Content-Type, Accept'