You create cross-origin resource sharing (CORS) policies to control how other systems or websites (origins) are allowed to access resources (APIs and services) provided by your application. After you create a CORS policy, you must map it to an application endpoint describing the location of the resources, to specify where the policy is applied.
Records can be created in various ways. You can add a new record to your application or copy an existing one. You can specialize existing rules by creating a copy in a specific ruleset, against a different class or (in some cases) with a set of circumstance definitions. You can copy data instances but they do not support specialization because they are not versioned.
Based on your use case, you use the Create, Save As, or Specialization form to create the record. The number of fields and available options varies by record type. Start by familiarizing yourself with the generic layout of these forms and their common fields:
This information identifies the key parts and options that apply to the record type that you are creating.
At run time, the system checks the CORS policy rules, in the order that they are listed on the CORS-Endpoint Security form, until a match is found. Matching is based on the request method and the origin header value, which the system compares to the allowed request methods and allowed origins.
The key for a CORS policy has one part:
Field |
Description |
| Policy name |
Enter a descriptive name for the CORS policy. You might name the policy for an endpoint or for the API or REST service that you intend to protect. |
The Cross Origin Resource Sharing Policy form displays the following tabs: