CORS configuration - Intergraph Smart API Manager - Installation & Upgrade - Intergraph

Smart API Manager Installation and Configuration

Intergraph Smart API Manager
Installation & Upgrade

CORS, Cross-Origin Resource Sharing, is a mechanism that enables web servers to control cross-domain access to its resources.

An HTTP request for a resource that originates from a domain or port that is different from the resource server can be allowed (or denied) based on a setting in web.config.

The [Smart API Manager Install Folder]\Dashboard\web.config file contains a cors element, with the allowedOrigins attribute, as shown below:


<oauth issuer="" requiredScopes="ingr.api" />

<cors allowCredentials="false" preflightMaxAge="600" exposedHeaders="WWW-Authenticate"

allowedHeaders="*" allowedMethods="*" allowedOrigins="" />


The value for allowedOrigins manages cross-origin requests to the Management API delivered with the Smart API Manager.

To support a client sending requests to the Management API from a domain that differs from the server, you can set allowedOrigins to the domain (or a comma-separated list of domains).

An asterisk allows requests from any origin.

The default value is based on the server and domain name where Smart API Manager is installed.