Mapping an endpoint to a cross-origin resource sharing (CORS) policy

An endpoint represents a path or URL to a particular resource (API or service) of an application. In configuring cross-origin resource sharing (CORS) policies, you must identify and map a CORS policy to an endpoint that applies to one or more resources. By doing so, you control website access to your application.

Before you begin: You must have the pzCanManageSecurityPolicies security privilege, which is included in the PegaRULES:SecurityAdministrator role, to map endpoints to CORS policies.
  1. Click Configure > Integration > Services > Endpoint-CORS Policy Mapping.
  2. On the Endpoint-CORS policy mapping form, click Add endpoint.
  3. In the Endpoint-CORS policy mapping dialog box, in the Endpoint field, specify a valid endpoint (path or URL).
  4. Click Add policy.
  5. In the CORS Policies field, specify one or more CORS policies that map to this endpoint.
    The sequence in which you list the CORS policies is significant. At run time, the system examines the CORS policies, in the order listed here, until a match is found.
    • A request from the origin that is specified in the CORS policy is recognized as secure, for this endpoint. Requests that satisfy the policy are sent responses with the appropriate headers, as defined in the CORS policy.
    • A request from an origin that is not specified in the CORS policy is not considered secure and returns an error message explaining that the cross-origin request was denied.
  6. Click Submit.