Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS) is a mechanism that uses HTTP headers to give a user agent permission to access specific resources on an origin server different from that of the document in use.

An example of a cross-origin request is an HTML page served by domain “A” that requests a CSS stylesheet served by domain “B”. For security reasons, most browsers prevent cross-origin HTTP requests originated by scripts.

Here are some examples of CORS configurations:

  1. CORS permission for all origins
  2. CORS permission for specific origins

1. CORS permission for all origins

To allow CORS within a configuration, without any restriction on the origin:

  1. Go to the Content Delivery menu of Real-Time Manager.
  2. Edit the required Content Delivery configuration.
  3. In the Rules Engine tab, create a new rule in Response Phase. Here’s an example.
Name: CORS
Criteria: if ${uri} starts with /your-uri
Behavior: then Add Response Header Access-Control-Allow-Origin: *

2. CORS permission for specific origins

To enable CORS within a configuration for some specific origin servers, you will need the [Application Acceleration](/en/documentation/products/application-acceleration/) product.

  1. Go to the Content Delivery menu of Real-Time Manager.
  2. Edit the required Content Delivery configuration.
  3. In the Main Settings tab, start up Application Acceleration and save the setting.
  4. In the Rules Engine tab, create a new rule in Response Phase. Here’s an example.
Name: CORS
Criteria: if ${http_origin} is equal http://your.domain1.com
or ${http_origin} is equal http://your.domain2.com
or ${http_origin} is equal http://your.domain3.com
Behavior: then Add Response Header Access-Control-Allow-Origin: ${http_origin}
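
An added example, not part of the original documentation: a JavaScript check that compares observed `Access-Control-Allow-Origin` headers with what the rule above should emit for each probed `Origin`. The origins are the placeholders from the rule, the response headers are constructed samples, the function names are hypothetical, and the `Vary: Origin` check follows general CORS caching guidance rather than anything stated on this page.

```javascript
// Added example. Origins mirror the placeholders in the rule above.
const ALLOWED_ORIGINS = new Set([
  "http://your.domain1.com",
  "http://your.domain2.com",
  "http://your.domain3.com",
]);

// Header value the rule should emit: exact string match only, otherwise none.
function expectedAllowOrigin(origin) {
  return ALLOWED_ORIGINS.has(origin) ? origin : null;
}

// Compare one observed response against the rule and return a list of findings.
function auditResponse(probeOrigin, headers) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const acao = h["access-control-allow-origin"] ?? null;
  const expected = expectedAllowOrigin(probeOrigin);
  const vary = (h["vary"] ?? "").split(",").map((s) => s.trim().toLowerCase());
  const findings = [];
  if (acao === "*") findings.push("wildcard-instead-of-allowlist");
  else if (acao !== null && expected === null) findings.push("unlisted-origin-allowed");
  else if (acao !== expected) findings.push("allowed-origin-not-echoed");
  // General CORS guidance (assumption, not from this page): a response whose
  // header varies per origin should carry Vary: Origin so caches keep copies apart.
  if (acao !== null && acao !== "*" && !vary.includes("origin")) {
    findings.push("missing-vary-origin");
  }
  return findings;
}

// Constructed sample observations: [Origin sent, response headers received].
const SAMPLES = [
  ["http://your.domain1.com",
    { "Access-Control-Allow-Origin": "http://your.domain1.com", Vary: "Origin" }],
  ["http://your.domain2.com",
    { "Access-Control-Allow-Origin": "http://your.domain1.com", Vary: "Accept-Encoding" }],
  ["http://your.domain1.com.example.net",
    { "Access-Control-Allow-Origin": "http://your.domain1.com.example.net" }],
  ["http://other.example", { "Content-Type": "text/css" }],
  ["http://other.example", { "access-control-allow-origin": "*" }],
];

function auditAll(samples) {
  return samples.map(([origin, headers]) => auditResponse(origin, headers));
}

for (const [i, findings] of auditAll(SAMPLES).entries()) {
  console.log(SAMPLES[i][0], "->", findings.length ? findings.join(", ") : "ok");
}
```

The second sample models a cached response for one allowed origin being served to another, which is the case the `Vary: Origin` check is meant to surface.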
