Setting up Cross-Origin Resource Sharing (CORS)
Cross-Origin Resource Sharing (CORS) is a mechanism for using HTTP headers to give access permission to a User Agent for specific resources that are on a different origin server to the document in use.
An example of a cross-origin request is a HTML page provided by domain “A”, which requests a CSS stylesheet, provided by domain “B”. For security reasons, most browsers prevent cross-origin HTTP requests originated by scripts.
Here are some examples of CORS configurations:
1. CORS permission for all origins
To allow CORS within a configuration, without any restriction on the origin:
- Go to the Content Delivery menu of Real-Time Manager.
- Edit the required Content Delivery configuration.
- In the Rules Engine tab, create a new rule in Response Phase. Here’s an example.
| Name: | CORS |
|---|---|
| Criteria: | if ${uri} starts with /your-uri |
| Behavior: | then Add Response Header *Access-Control-Allow-Origin: ** |
2. CORS permission for specific origins
To enable CORS within a configuration for some specific origin servers, you will need the [Application Acceleration] (/en/documentation/products/edge-application/application-acceleration/) product.
- Go to the Content Delivery menu of Real-Time Manager.
- Edit the required Content Delivery configuration.
- In the Main Settings tab, start up Application Acceleration and save the setting.
- In the Rules Engine tab, create a new rule in Response Phase. Here’s an example.
| Name: | CORS |
|---|---|
| Criteria: | if ${http_origin} is equal http://your.domain1.com or ${http_origin} is equal http://your.domain2.com or ${http_origin} is equal http://your.domain3.com |
| Behavior: | then Add Response Header Access-Control-Allow-Origin: ${http_origin} |
Didn’t find what you were looking for? Open a support ticket.