Cross-Origin Resource Sharing (CORS) is a security mechanism that enables web servers to control cross-domain access to its resources.
By default, cross-origin requests to the Management API are only allowed from the server and domain where Smart API Manager is installed. If a client needs to send requests to the Management API from a different domain or server, you must allow requests for resources that originate from that domain or server. To do so, you make changes to the the Smart API Manager configuration file.
-
Open the configuration file:
[Smart API Manager Install Folder]\appsettings.json
If you are using a version of Smart API Manager earlier than 5.0, the configuration
file is: [Smart API Manager Install Folder]\Dashboard\web.config.
-
In the cors element, find the AllowedOrigins attribute. For example:
"Security": {
"Cors": {
"AllowedOrigins": [
"https://c9loadtestsam19.ingrnet.com",
"http://c9loadtestsam19.ingrnet.com"
],
The AllowedOrigins attribute manages cross-origin requests to the Management API delivered with the Smart API Manager.
The default value is based on the server and domain name where Smart API Manager is installed.
-
Update AllowedOrigins to include the domains that clients will send requests from.
If necessary, you can allow requests from any origin by setting AllowedOrigins to an asterisk (*).
Hexagon does not recommend allowing requests from any origin. Doing so can make your web server, and
therefore all the resources it controls access to, less secure.