Problem
In certain networking environments, the security around the API Services can be sensitive to the source of any incoming API Requests and may reject requests from unrecognized sources. This network behaviour is controlled by the allowedOrigins setting in the Application Server’s web.config file.
By default, the allowedOrigins setting value is set to *, which works without issue as long as the Application Server and any incoming requests are from the same network domain. In cases where client web applications are hosted on a different domain, incoming requests may be rejected.
Solution
To resolve this issue, edit the allowedOrigins setting to include the domain where the client web application is hosted:
- Navigate to the Application Server site virtual directory web.config file. For example: C:\SDx Server Files\Web_Sites\[SiteServer]\web.config
- Locate the integraph.webApi > cors element.
- Edit the allowedOrigins value to include the machine and domain name of an allowed source of requests. For example: allowedOrigins="http://mySubDomain.MyCustomDomain.com"
  This setting can accommodate multiple comma-separated values.
- Set the value of the allowCredentials setting to True. For example: allowCredentials="true".
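A check to run after editing the file, given here as an added example and not as vendor code: it reads the cors element and reports any allowedOrigins entry that is not a plain scheme://host[:port] origin, plus a wildcard left in place next to allowCredentials="true" (browsers refuse credentialed responses whose allowed origin is *). The XML layout, with both settings as attributes of the cors element, and the sample values other than the page's own example origin are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample. Assumption: allowedOrigins and allowCredentials are
# attributes of the <cors> element under <integraph.webApi>.
SAMPLE_WEB_CONFIG = """<configuration>
  <integraph.webApi>
    <cors allowedOrigins="http://mySubDomain.MyCustomDomain.com, https://portal.example.com/app, *" allowCredentials="true" />
  </integraph.webApi>
</configuration>"""


def check_origin(entry):
    """Return a problem string for one allowedOrigins entry, or None if it is a clean origin."""
    if entry == "*":
        return "wildcard allows any origin"
    try:
        parts = urlsplit(entry)
        parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return "not a parseable URL"
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "needs an http:// or https:// scheme and a host name"
    if "*" in entry:
        return "partial wildcard in host"
    if parts.path or parts.query or parts.fragment:
        return "an origin is scheme://host[:port] only: no path, query or trailing slash"
    return None


def audit_cors(web_config_xml):
    """Return (entry, problem) findings for every cors element in the config text."""
    findings = []
    for cors in ET.fromstring(web_config_xml).iter("cors"):
        creds = cors.get("allowCredentials", "false").strip().lower() == "true"
        # The setting holds comma-separated values; ignore padding and empty items.
        entries = [e.strip() for e in cors.get("allowedOrigins", "").split(",") if e.strip()]
        for entry in entries:
            problem = check_origin(entry)
            if problem:
                findings.append((entry, problem))
        if creds and "*" in entries:
            findings.append(("*", "wildcard combined with allowCredentials=true"))
    return findings


if __name__ == "__main__":
    for entry, problem in audit_cors(SAMPLE_WEB_CONFIG):
        print(f"{entry!r}: {problem}")
```

To check a real server, pass the text of the site's web.config to audit_cors in place of the constructed sample.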