About Cross-Origin Resource Sharing

Cross-Origin Resource Sharing (CORS) is a mechanism that enables web-browsers or other web-clients to safely request restricted resources from domains outside of the domain that the web page was loaded from.

Often, cross-domain requests are prevented unless the request originates from a requester on the same domain as the service resides (same-origin security policy). This is done to reduce threats from off-site attacks.

CORS defines a way to determine whether requests for these services, when made from a browser with a web page not loaded from the same domain as the server, can be authorized by the server. This authorization allows the cross-origin request to be performed or its data to be passed by the browser to the requesting party to be executed by the requesting browser. This combines the freedom and flexibility of accepting all cross-origin requests with the increased security of same-origin requests by defining which sites may successfully send requests and receive access to services.

WorkZone uses Cross-Origin Resource Sharing to enable web pages to access WorkZone services, such as WorkZone PDF Engine, WorkZone Process and WorkZone OData when these pages are loaded from different domains.

Configure CORS in WorkZone

If WorkZone services are to be requested from web pages with other origins (for example WorkZone Client and WorkZone Configurator applications hosted on a different host than Process service), you must configure the Cross-Origin Resource Sharing parameters AllowedCorsOrigins and AllowedCorsHeaders for WorkZone PDF Engine, WorkZone Process and WorkZone OData.