CORS, Cross-Origin Resource Sharing, is a mechanism that enables web servers to control cross-domain access to its resources.
An HTTP request for a resource that originates from a domain or port that is different from the resource server can be allowed (or denied) based on a setting in web.config.
The [Smart API Manager Install Folder]\Dashboard\web.config file contains a cors element, with the allowedOrigins attribute, as shown below:
<security>
<oauth issuer="https://server.com/sam/oauth/" requiredScopes="ingr.api" />
<cors allowCredentials="false" preflightMaxAge="600" exposedHeaders="WWW-Authenticate"
allowedHeaders="*" allowedMethods="*" allowedOrigins="" />
</security>
The value for allowedOrigins manages cross-origin requests to the Management API delivered with the Smart API Manager.
To support a client sending requests to the Management API from a domain that differs from the server, you can set allowedOrigins to the domain (or a comma-separated list of domains).
An asterisk allows requests from any origin.
The default value is based on the server and domain name where Smart API Manager is installed.