This documentation site is for previous versions. Visit our new documentation site for current releases.
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Mapping an endpoint to a cross-origin resource sharing (CORS) policy

Updated on July 1, 2021

The purpose of a CORS policy is to enable cross-domain requests. In Pega Platform, CORS policies can only be associated with REST services. When you set up cross-origin resource sharing (CORS) policies, you must map each REST endpoint to the CORS policies that apply to it. By doing so, you define which domains are allowed to access these resources within your Pega application.

Before you begin: To map endpoints to CORS policies you must have the pzCanManageSecurityPolicies security privilege, which the PegaRULES:SecurityAdministrator role includes.
  1. In the header of Dev Studio, click Configure > Integration > Services > Endpoint-CORS Policy Mapping.
  2. On the Endpoint-CORS policy mapping form, click Add endpoint.
  3. In the Endpoint-CORS policy mapping dialog box, in the Endpoint field, specify a valid endpoint (path or URL).
  4. Click Add policy.
  5. In the CORS Policies field, specify one or more CORS policies that map to this endpoint.

    The sequence in which you list the CORS policies is significant. At run time, the system checks the CORS policy rules in the order that they are listed on the CORS-Endpoint Security form, until a match is found. Matching is based on the request method and the origin header value, which the system compares to the allowed request methods and allowed origins.

    • A request from the origin that is specified in the CORS policy is recognized as secure for this REST endpoint. Requests that satisfy the policy are sent responses with the appropriate headers, as defined in the CORS policy.
    • A request from an origin that is not specified in the CORS policy is not considered secure, and the browser returns an error message stating that the cross-origin request was denied.
  6. Click Submit.
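
The first-match ordering described in step 5 can be modeled to check a planned policy order before it is entered on the form. The following is an added example, not Pega code: the `CorsPolicy` fields, policy names, and origins are assumptions constructed for illustration, and origins are compared as exact strings.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CorsPolicy:
    # Field names are assumptions for this model, not Pega rule properties.
    name: str
    allowed_origins: frozenset
    allowed_methods: frozenset
    allow_credentials: bool = False

def first_match(policies, origin, method):
    """Return the first listed policy whose origins and methods both match."""
    for policy in policies:
        if origin in policy.allowed_origins and method.upper() in policy.allowed_methods:
            return policy
    return None  # nothing matched: no CORS headers, so the browser denies the call

def cors_headers(policies, origin, method):
    """Headers the matched policy would attach; empty dict when nothing matches."""
    policy = first_match(policies, origin, method)
    if policy is None:
        return {}
    headers = {"Access-Control-Allow-Origin": origin}
    if policy.allow_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers

def shadowed_pairs(policies):
    """(policy, origin, method) combinations that an earlier policy always wins."""
    seen, hits = set(), []
    for policy in policies:
        for origin in sorted(policy.allowed_origins):
            for method in sorted(policy.allowed_methods):
                if (origin, method) in seen:
                    hits.append((policy.name, origin, method))
                seen.add((origin, method))
    return hits

# Constructed sample policies and origins.
APP, PARTNER = "https://app.example.com", "https://partner.example.net"
READ_ONLY = CorsPolicy("ReadOnly", frozenset({APP, PARTNER}), frozenset({"GET"}))
APP_FULL = CorsPolicy("AppFull", frozenset({APP}), frozenset({"GET", "POST"}), True)

if __name__ == "__main__":
    for order in ([READ_ONLY, APP_FULL], [APP_FULL, READ_ONLY]):
        print([p.name for p in order], cors_headers(order, APP, "GET"),
              shadowed_pairs(order))
```

Any pair that `shadowed_pairs` reports is an overlap where the list order alone decides which policy's headers the response carries, so review those pairs when reordering.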