1 of 20
2 of 20
3 of 20
4 of 20
5 of 20
6 of 20
7 of 20
8 of 20
9 of 20
10 of 20
11 of 20
12 of 20
13 of 20
14 of 20
15 of 20
16 of 20
17 of 20
18 of 20
19 of 20
20 of 20

site

doc

blog

success stories

Setting up Cross-Origin Resource Sharing (CORS)

Edit on GitHub

Cross-Origin Resource Sharing (CORS) is a mechanism for using HTTP headers to give access permission to a User Agent for specific resources that are on a different origin server to the document in use.

An example of a cross-origin request is a HTML page provided by domain “A”, which requests a CSS stylesheet, provided by domain “B”. For security reasons, most browsers prevent cross-origin HTTP requests originated by scripts.

Here are some examples of CORS configurations:

  1. CORS permission for all origins
  2. CORS permission for specific origins

1. CORS permission for all origins

To allow CORS within a configuration, without any restriction on the origin:

  1. Go to the Content Delivery menu of Real-Time Manager.
  2. Edit the required Content Delivery configuration.
  3. In the Rules Engine tab, create a new rule in Response Phase. Here’s an example.
Name: CORS
Criteria: if ${uri} starts with /your-uri
Behavior: then Add Response Header *Access-Control-Allow-Origin: **

2. CORS permission for specific origins

To enable CORS within a configuration for some specific origin servers, you will need the [Application Acceleration] (/en/documentation/products/application-acceleration/) product.

  1. Go to the Content Delivery menu of Real-Time Manager.
  2. Edit the required Content Delivery configuration.
  3. In the Main Settings tab, start up Application Acceleration and save the setting.
  4. In the Rules Engine tab, create a new rule in Response Phase. Here’s an example.
Name: CORS
Criteria: if ${http_origin} is equal http://your.domain1.com
or ${http_origin} is equal http://your.domain2.com
or ${http_origin} is equal http://your.domain3.com
Behavior: then Add Response Header Access-Control-Allow-Origin: ${http_origin}

Didn’t find what you were looking for? Open a support ticket.