Knowing Additional Cross-Origin Resource Sharing (CORS) Configuration

Setting the Access-Control-Allow-Origin header value, as described previously, allows responses for all requests. Configuring CORS makes the application more secure and reduces its vulnerability to CSRF and XSS attacks. It also limits sharing to specific resources such as scripts, fonts, and CSS.

Note:

The CORS configuration is preset in OFSAA and does not require any action. The information presented here is for your understanding.
The following headers have been added to restrict the shared resource and response to specific HTTP method types and to make them accessible through authentication:
  1. Access-Control-Allow-Credentials
  2. Access-Control-Allow-Methods
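
The following Python example is added here for illustration and is not OFSAA's own code or configuration. It shows how the two headers combine with an origin allow-list, and includes a check for weak combinations. The origin and method values, and the names `cors_headers` and `audit`, are assumptions made for the example.

```python
# Constructed values for illustration; these are not OFSAA defaults.
ALLOWED_ORIGINS = {"https://app.example.com"}   # hypothetical trusted origin
ALLOWED_METHODS = ("GET", "POST")               # hypothetical method allow-list


def cors_headers(origin, method, preflight_method=None):
    """Return the CORS response headers for a request, or {} to deny.

    origin           -- value of the request's Origin header (None if absent)
    method           -- HTTP method of the request itself
    preflight_method -- Access-Control-Request-Method on an OPTIONS preflight
    """
    if origin not in ALLOWED_ORIGINS:
        return {}  # no CORS headers: the browser blocks the cross-origin read
    wanted = preflight_method if method == "OPTIONS" else method
    if wanted not in ALLOWED_METHODS:
        return {}
    headers = {
        # Echo the exact origin; browsers reject "*" on credentialed requests.
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # stop caches reusing the response for another origin
    }
    if method == "OPTIONS":
        headers["Access-Control-Allow-Methods"] = ", ".join(ALLOWED_METHODS)
    return headers


def audit(headers):
    """Return a list of weak combinations found in CORS response headers."""
    findings = []
    origin = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    raw_methods = headers.get("Access-Control-Allow-Methods", "")
    methods = [m.strip() for m in raw_methods.split(",") if m.strip()]
    if origin == "*" and creds:
        findings.append("wildcard origin with credentials")
    if "*" in methods:
        findings.append("wildcard methods")
    if creds and origin and origin != "*" and "Origin" not in headers.get("Vary", ""):
        findings.append("missing Vary: Origin")
    return findings
```

Running `audit` over the response headers captured from a deployed instance is a quick way to confirm that the restricted configuration is actually being served.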