Configure Browser Access for Embedded Interviews

To ensure that only permitted sites can embed deployed Intelligent Advisor interviews and flows, a Connections administrator needs to explicitly allow a cross origin request from the servers hosting the application that the interview or flow is being embedded in. To do this:

1. In Intelligent Advisor Hub, click the user menu at the top right of the screen.
2. Select CORS settings. The CORS settings page is displayed.
3. Under Interview access control, click Add Host.
4. In the CORS hosts field, enter the address.
   
   
   
   Note that:
   • Only https:, http: and app: URL schemes are supported.
   • An asterisk (*) can be used as a wildcard to indicate any number of characters after the https:// or http:// and before the site name. For example, https://*.somesite.com. Note that short wildcards such as http://*.com or http://* are not allowed.
   • The combined list of sites cannot exceed 8000 characters in length.
5. Click Apply.

Note: If the embedding server can be accessed at multiple addresses, including a secure version of the same site, each address will need to be listed. Authorizations apply to all deployed interviews and flows on that Hub.

To delete a host, on the CORS settings page, click the Remove button next to the host address. Then click Apply.

Tip: For more information on cross origin requests, see https://fetch.spec.whatwg.org/#http-cors-protocol. The Intelligent Advisor Hub REST API can be used to automate the creation, management and deletion of CORS allowlists. For more information, see Manage CORS Allowlists.