Configuring CORS security - HxGN SDx - Update 63 - Administration & Configuration - Hexagon

HxGN SDx API Services Configuration

Language
English
Product
HxGN SDx
Search by Category
Administration & Configuration
SmartPlant Foundation / SDx Version
10

For added security, the API services can be configured to apply CORS security to each request, which validates that the request is from an expected source.

This network behavior is controlled by the allowedOrigins setting in the application server’s web.config file.

  1. Navigate to the Application Server site virtual directory web.config file. For example:

    C:\SDx Server Files\Web_Sites\SDxServer\web.config

  2. Locate the integraph.webApi > cors element and edit the allowedOrigins value to include the machine and domain name of an allowed source of requests. For example:

    allowedOrigins="http://mySubDomain.MyCustomDomain.com"

  3. Set the value of the allowCredentials setting to true. For example:

    allowCredentials="true"

By default, the allowedOrigins setting value is set to *, which works as long as any incoming requests are on the same network domain as the application server.

SHARED Tip If your web client application is hosted on a different domain and you do not configure CORS on the application server, the incoming requests may be rejected.