Configure Cross-Origin Resource Sharing (CORS)
This applies to: Managed Dashboards, Managed Reports
CORS must be enabled for your site through the configuration settings if you want to perform certain embed library functions using your own JavaScript on a page that embeds managed dashboards and reports.
These include listening for the client-side ready
event or passing JavaScript to run within Symphony in the browser from your own page, as listed in the methods table.
Set up CORS even if both your page's URL and Symphony's URL have the same origin (protocol, hostname/domain, and port number) if you want to use the embed library's methods.
CORS also authorizes your page to make REST calls to the Symphony server from the browser. See REST API with CORS Example.
Configure cross-origin resource sharing
While logged in as a member of the system administrator's group, navigate to and select the Admin section of Symphony in the main menu. The Admin menu opens.
Select Setup to expand the menu and see the setup options, then select Config. A configuration settings work opens.
From the options presented, select Advanced Settings , then select and edit CORS (Cross-Domain) Origins in the Web Application category.
Select Edit value, then enter the URL origin of the page that will embed Symphony, such as
https://domain.com
orhttp://hostname:8000
.Note: To restrict which sites can embed this Symphony instance on its pages, use the Allowed Embedded Origins configuration setting. See also the other configuration best practices.Select Submit to apply your changes.
If needed, use the in-dialog guidance to add multiple domains.
Note: Do not include a slash at the end or any part of the path when setting an origin.
Defining the URLs here lets Symphony know:
The origin/domain you specify is yours and is authorized to access the Symphony REST API in the browser from that origin if different than Symphony's.
Your page's JavaScript from any origin (even if the same as Symphony) is yours and authorized to pass JavaScript to run in the Symphonyembedded client application or monitor for when its page is ready.
Any other site not listed or included is prevented by browsers and by Symphony from performing these functions. Additionally, this prevents:
Access to Symphony APIs.
Passing of messages to embedded applications.
Execution of scripts from posted messages unless the embedding application's origin is listed or included, even if the same as Symphony.
Comments
0 comments
Please sign in to leave a comment.