CORS
| (2 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
| − | DreamFactory implements Cross-Origin Resource Sharing (CORS) as a system level web service. The Admin Panel has a simple | + | DreamFactory implements Cross-Origin Resource Sharing (CORS) as a system-level web service. The Admin Panel has a simple |
interface that can enable any host domain to use the DreamFactory REST API. By default, CORS is turned off and the services | interface that can enable any host domain to use the DreamFactory REST API. By default, CORS is turned off and the services | ||
are only available from the originating host. | are only available from the originating host. | ||
| Line 7: | Line 6: | ||
DreamFactory supports granular configuration of CORS at HTTP Verbs and API level, meaning you can configure DreamFactory | DreamFactory supports granular configuration of CORS at HTTP Verbs and API level, meaning you can configure DreamFactory | ||
to allow a host to have controlled-access (GET, POST, PUT, PATCH, DELETE) for specific API paths only. This allows for | to allow a host to have controlled-access (GET, POST, PUT, PATCH, DELETE) for specific API paths only. This allows for | ||
| − | enabling CORS for a specific | + | enabling CORS for a specific services and/or resources and does not expose the entire system over CORS. |
| − | + | ||
Programmable CORS support prevents cross-site scripting attacks and use of the API from unauthorized sources, but still | Programmable CORS support prevents cross-site scripting attacks and use of the API from unauthorized sources, but still | ||
allows the administrator to add necessary exceptions and temporary allowances for testing, etc. | allows the administrator to add necessary exceptions and temporary allowances for testing, etc. | ||
Latest revision as of 23:40, 15 July 2016
DreamFactory implements Cross-Origin Resource Sharing (CORS) as a system-level web service. The Admin Panel has a simple interface that can enable any host domain to use the DreamFactory REST API. By default, CORS is turned off and the services are only available from the originating host.
DreamFactory supports granular configuration of CORS at HTTP Verbs and API level, meaning you can configure DreamFactory to allow a host to have controlled-access (GET, POST, PUT, PATCH, DELETE) for specific API paths only. This allows for enabling CORS for a specific services and/or resources and does not expose the entire system over CORS.
Programmable CORS support prevents cross-site scripting attacks and use of the API from unauthorized sources, but still allows the administrator to add necessary exceptions and temporary allowances for testing, etc.
