CORS
Revision as of 18:11, 21 September 2015
DreamFactory implements Cross-Origin Resource Sharing (CORS) as a system-level web service. The Admin Panel has a simple
interface that can enable any host domain to use the DreamFactory REST API. By default, CORS is turned off and the services
are only available from the originating host.
DreamFactory supports granular configuration of CORS at the HTTP verb and API level, meaning you can configure DreamFactory to allow a host controlled access (GET, POST, PUT, PATCH, DELETE) to specific API paths only. This allows enabling CORS for specific services and/or resources without exposing the entire system over CORS.
Programmable CORS support prevents cross-site scripting attacks and use of the API from unauthorized sources, but still
allows the administrator to add necessary exceptions and temporary allowances for testing, etc.
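
The per-host, per-verb, per-path decision described above can be sketched as follows. This is an added example, not DreamFactory's own code: the policy field names, hosts and API paths are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample policy; the field names are hypothetical, not DreamFactory's schema.
POLICY = [
    {"origin": "https://app.example.com", "path": "/api/db/*",
     "methods": {"GET", "POST"}, "enabled": True},
    {"origin": "https://reports.example.com", "path": "/api/files/*",
     "methods": {"GET"}, "enabled": True},
    # Temporary testing allowance, switched off again.
    {"origin": "https://test.example.com", "path": "/api/*",
     "methods": {"GET", "POST", "PUT", "PATCH", "DELETE"}, "enabled": False},
]


def allowed_methods(policy, origin, path):
    """Union of the verbs granted to this exact origin on this path."""
    verbs = set()
    for entry in policy:
        if not entry["enabled"]:
            continue
        # Exact origin comparison: suffix or substring matching would let
        # a look-alike host such as app.example.com.attacker.test through.
        if entry["origin"] == origin and fnmatchcase(path, entry["path"]):
            verbs |= entry["methods"]
    return verbs


def cors_headers(policy, origin, path, method, request_method=None):
    """Return the CORS response headers, or {} when nothing is granted.

    A preflight arrives as OPTIONS with Access-Control-Request-Method,
    passed here as request_method.
    """
    if not origin:
        return {}  # no Origin header: not a cross-origin browser request
    preflight = method == "OPTIONS" and request_method is not None
    wanted = request_method if preflight else method
    verbs = allowed_methods(policy, origin, path)
    if wanted not in verbs:
        return {}  # default deny: without these headers the browser blocks the calling script
    headers = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if preflight:
        headers["Access-Control-Allow-Methods"] = ", ".join(sorted(verbs))
    return headers
```

These headers are enforced by the browser, so the API still has to authenticate and authorize every request on the server side.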