Overview
The Cross-Origin Resource Sharing (CORS) page allows you to control and restrict the origins from which communication to your workflow system is received. When external domains are used to trigger workflows or store data on your system you can specify these in order to allow communication and resource sharing with trusted sites. This makes sending data between your internal systems and external domains more secure and reliable.
Capture
Notes
- Allowed Origin to send cross-origin requests
- Enter the URL(s) of trusted domains that are allowed to send requests to your system
- The default setting is “*” which allows access from any domain
- If the “Allow sending credentials” option is enabled, specifying “*” will result in a run-time error.
- A maximum of 10 domains can be added in the Allowed Origin section
- Allowed methods
- Select one or more of the methods that will be granted access
- GET is used to request data
- POST is used to send data
- HEAD is similar to GET but only returns the header with no body
- OPTIONS describes the communication options for the target resource
- Select one or more of the methods that will be granted access
- Allowed HTTP headers
- In these fields you can specify which headers may be used to pass information when accessing the system
- Only one header can be input per field, they are not case-sensitive and a colon is not required
- A maximum of 10 allowed HTTP headers can be added
- Allow sending credentials
- This determines whether credentials such as cookies, authorization headers or TLS client certificates will be accepted