Knowing Additional Cross-Origin Resource Sharing (CORS) Configuration
Setting the Access-Control-Allow-Origin header value described previously
allows responses to all requests. Configuring CORS adds security to the
application and reduces its vulnerability to CSRF and XSS attacks. It also allows only
specific resources, such as script, font, and CSS, to be shared.
Note:
The CORS configuration is preset in OFSAA and does not require any action. The information presented here is for your understanding.

The following headers have been added to restrict the shared resource and response
to specific HTTP method types and to make them accessible through
authentication:
- Access-Control-Allow-Credentials
- Access-Control-Allow-Methods
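
As an added illustration (not part of the OFSAA documentation or product code), the following JavaScript checks the three CORS response headers named above against an allowlist. The origin, the method list, and both sample header sets are constructed for the example and are not OFSAA's preset values.

```javascript
// Added example: audit a response's CORS headers against an allowlist policy.
// auditCors, POLICY and the sample header sets are hypothetical names/values.
function auditCors(headers, policy) {
  // HTTP header names are case-insensitive, so normalize before lookup.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];
  const origin = h['access-control-allow-origin'];
  // The only meaningful value for this header is the literal string "true".
  const credentials = h['access-control-allow-credentials'] === 'true';
  const methods = (h['access-control-allow-methods'] || '')
    .split(',').map((m) => m.trim().toUpperCase()).filter(Boolean);

  if (origin === '*') {
    findings.push('origin-wildcard');
    // Browsers refuse credentialed responses when the origin is a wildcard.
    if (credentials) findings.push('wildcard-with-credentials');
  } else if (origin === 'null') {
    findings.push('origin-null');
  } else if (origin !== undefined && !policy.origins.includes(origin)) {
    findings.push('origin-not-allowlisted:' + origin);
  }
  for (const m of methods) {
    if (m === '*') findings.push('methods-wildcard');
    else if (!policy.methods.includes(m)) findings.push('method-not-allowlisted:' + m);
  }
  return findings;
}

// Constructed policy and sample responses.
const POLICY = { origins: ['https://app.example.com'], methods: ['GET', 'POST'] };
const openResponse = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Credentials': 'true',
  'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE',
};
const restrictedResponse = {
  'access-control-allow-origin': 'https://app.example.com',
  'access-control-allow-credentials': 'true',
  'access-control-allow-methods': 'GET, POST',
};

console.log(auditCors(openResponse, POLICY));
console.log(auditCors(restrictedResponse, POLICY));
```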