- Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources to be requested from another domain outside from which the first resource was served.
- It restricts browser applications to access resources that have the origin different from the origin of the application itself. In order for API responses to be processed successfully, the API has to respond with its consent to be called Cross-Origin by these applications.
Note: A request to the same host but on a different port is considered a cross-origin request.The "origin" in the term "cross-origin" is defined as the scheme, host, and port of a URL.
To enable CORS, we just have to send the Access-Control-Allow-Origin header in the service response. To do this simply add a 'Transport Header' Component from the component pallet in the response Pipeline branch of your routing. Click the 'Transport Header' and then in the 'Transport Header - Properties' window click the '+' button to add a new header named 'Access-Control-Allow-Origin' and give its value as '*' as shown below :
Note : Access-Control-Allow-Origin: * means that the resource can be accessed by any domain in a cross-site manner. If you wished to restrict the access to the resource to requests only from a particular domain or domains, you should set the value as that domain(or a list of those domains). With this configured, now you will be able to access your REST service from a web page running on another domain.
No comments:
Post a Comment