For added security, the API services can be configured to apply CORS security to each request, which validates that the request is from an expected source.
This network behavior is controlled by the allowedOrigins setting in the application server’s web.config file.
-
Navigate to the Application Server site virtual directory web.config file. For example:
C:\SDx Server Files\Web_Sites\SDxServer\web.config
-
Locate the integraph.webApi > cors element and edit the allowedOrigins value to include the machine and domain name of an allowed source of requests. For example:
allowedOrigins="http://mySubDomain.MyCustomDomain.com"
-
Set the value of the allowCredentials setting to true. For example:
allowCredentials="true"
By default, the allowedOrigins setting value is set to *, which works as long as any incoming requests are on the same network domain as the application server.
If your web client application is hosted on a different domain and you do not configure CORS on the application server, the incoming requests may be rejected.