An endpoint represents a path or URL to one or more
resources (APIs or services) of an application. When you set up cross-origin
resource sharing (CORS) policies, you must map them to an endpoint to specify which
policies apply to it. This mapping controls access to application resources from
other systems or websites.
Before you begin: You must have the pzCanManageSecurityPolicies
security privilege, which is included in the
PegaRULES:SecurityAdministrator role, to map endpoints to CORS
policies.
- In the header of Dev Studio, click .
- On the Endpoint-CORS policy mapping form, click Add endpoint.
- In the Endpoint-CORS policy mapping dialog box, in the Endpoint field, specify a valid endpoint (path or URL).
- Click Add policy.
- In the CORS Policies field, specify one or more CORS policies that map to this endpoint.
  The sequence in which you list the CORS policies is significant. At run time, the system checks the CORS policy rules, in the order that they are listed on the CORS-Endpoint Security form, until a match is found. Matching is based on the request method and the origin header value, which the system compares to the allowed request methods and allowed origins.
  - A request from the origin that is specified in the CORS policy is recognized as secure for this endpoint. Requests that satisfy the policy are sent responses with the appropriate headers, as defined in the CORS policy.
  - A request from an origin that is not specified in the CORS policy is not considered secure and returns an error message explaining that the cross-origin request was denied.
- Click Submit.
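The first-match ordering described in the CORS Policies step, modelled as an added example (not Pega code and not part of the original page). The policy names, the origin, and the exact-string origin comparison are assumptions made for illustration; the `shadowed` helper is a hypothetical review aid for spotting policies that an earlier entry makes unreachable.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CorsPolicy:
    name: str                      # hypothetical policy name
    allowed_origins: frozenset
    allowed_methods: frozenset
    allow_credentials: bool = False

def evaluate(policies, origin, method):
    """Walk the policies in listed order; the first whose allowed origins and
    allowed methods both match decides the response headers."""
    for p in policies:
        # Assumption: origins are compared as exact strings.
        if origin in p.allowed_origins and method.upper() in p.allowed_methods:
            headers = {
                "Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Methods": ", ".join(sorted(p.allowed_methods)),
            }
            if p.allow_credentials:
                headers["Access-Control-Allow-Credentials"] = "true"
            return p.name, headers
    return None, {}                # no match: the cross-origin request is denied

def shadowed(policies):
    """Names of policies that can never be selected because earlier entries
    already match every (origin, method) pair they allow."""
    seen, dead = set(), []
    for p in policies:
        pairs = {(o, m) for o in p.allowed_origins for m in p.allowed_methods}
        if pairs <= seen:
            dead.append(p.name)
        seen |= pairs
    return dead

# Constructed sample data: two policies for the same origin with different scope.
ORIGIN = "https://partner.example"
READ_ONLY = CorsPolicy("PartnerReadOnly", frozenset({ORIGIN}), frozenset({"GET"}))
FULL = CorsPolicy("PartnerFull", frozenset({ORIGIN}), frozenset({"GET", "POST"}),
                  allow_credentials=True)

if __name__ == "__main__":
    for order in ([READ_ONLY, FULL], [FULL, READ_ONLY]):
        names = [p.name for p in order]
        print(names, "GET ->", evaluate(order, ORIGIN, "GET"))
        print(names, "never selected:", shadowed(order))
```

With the narrower policy listed first, a GET is answered without the credentials header; with the order reversed, the same GET is answered by the broader policy and the narrower one is never reached.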