Sharing (CORS) allows a web page to make requests such as
to another domain. If you have a browser application that integrates with Oracle Content
Management Cloud but is hosted in a different domain, add the browser application domain to
Oracle Content Management Cloud’s CORS origins list.
If your browser application needs to use a REST endpoint that doesn't support CORS or that needs service account credentials, you can instead register and use the endpoint via Oracle Content Management’s integrated proxy service. See Configure Proxy Service Settings.
In general, inline frames can host content if the protocol, domain, and port of the inline frame are identical to those for the content it displays. For example, by default, an inline frame on the page
http://www.example.com:12345/home.html can host content only if the content's protocol is also
http, the domain is
www.example.com and the port is
However, if the application is in a different domain than Oracle Content Management, you need to need to add the application’s host machine information to the list of front channel CORS origins, back channel CORS origins, or both.
If the request is a cross-domain request (not originating from Oracle Content Management's domain) that will be served by Oracle Content Management, you need to add a front channel CORS origin. Front channel CORS is typically useful for custom application integration. For example, the REST APIs interact with the front channel.
If the request is directly from Oracle Content Management to a connected client in another domain, you need to add a back channel CORS origin. For example, Oracle Content Management can send back-channel messages (real-time updates) to an application.
If an application gets both front-channel and back-channel communication from Oracle Content Management, you need to add the domain to both the front and back channel CORS origins lists.
The CORS settings apply to all Oracle Content Management calls (documents, social, and content as a service).