Skip to content

Configuring Cross-Origin Resource Sharing (CORS)

As a security measure, modern web browsers restrict the types of interactions that are permitted between distinct web sites. This can cause problems when attempting cross-site integration, for example when embedding the HACloud web client into another website, such as a portal. CORS is a standard mechanism that you can use to specify that the browser permit access from one site to another site.

You can configure the HACloud service to include the required CORS HTTP header when it responds to the web requests by adjusting your service settings and redeploying the hacloud-session-server service.

  1. In the Edit Properties field, add:

    Key Value
    CORS_ALLOWED_ORIGINS https://integration-server1.com
  2. Redeploy the hacloud-session-server service .

You can set this value to a comma-delimited list of allowed origins or use * to allow access from all origins (Allowing this kind of open access may be a security risk). If you use the wild card option(*), be aware that web browsers impose additional restrictions, such as limited Cookie access. For more information, see Cross-Origin Resource Sharing (CORS) - HTTP/MDN.

Back to top