Cross-Origin Resource Sharing (CORS)

Jason He Updated by Jason He

The same-origin policy has been adopt by all browsers to protect API been used by scripts from different domain. Cross-Origin Resource Sharing (CORS) is an HTTP header based mechanism that allows a server to indicate any origins other than its own from which a browser should permit loading resources.

By default, DeskDirector server only allows its own web application to hit the API in the browser, by defining additional domain in our CORS setting, you can allow third party application to consume DeskDirector API in the browser.

Such capability allows you to create your own application that can be embedded in our client or TECH portal to provide extended functionality. Since the application you have developed will be hosted under an different domain, you will need to add the domain in admin portal before they can query our API.

Best Practice

In general, you should not use this feature, unless you have embedded page that need to use DeskDirector API from browser.

How did we do?

Content-Security-Policy

Contact