Defining cross-origin resource sharing policies



Cross-origin resource sharing (CORS) policies define a method that enables a browser and server to interact and determine whether it is safe to allow a cross-origin request. For example, a client using a Pega Marketing application running in a browser may see advertisements from third parties, and if they click one of these advertisements, the CORS policy will record that the advertisement was viewed or clicked on.

The purpose of a CORS policy is to enable cross-domain requests, and it applies only to cross-domain browser requests. In Pega Platform, CORS policies can only be associated with REST services. If the request is sent by server-side logic, such as Java code, or by a non-JavaScript client such as Postman, CORS is not applicable.

Using CORS policies results in reduced costs and implementation times while providing increased security as other systems or websites interact with your application.

To configure a CORS policy, you complete two main tasks:

  • Define the CORS policy for a REST service by specifying the allowed origins, allowed headers, exposed headers, allowed methods, credential usage, and preflight expiration time.
  • Map the CORS policy to an endpoint (URL or path) for the REST service that you want to protect.
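
How a server-side check might apply the policy settings and endpoint mapping listed above to a browser preflight, as an added example that is not Pega Platform code; the policy field names, endpoint path and origin are hypothetical.

```javascript
// Constructed policy; field names mirror the settings listed above and are
// hypothetical, not Pega Platform identifiers.
const policy = {
  endpoint: "/api/v1/offers", // hypothetical REST path the policy is mapped to
  allowedOrigins: ["https://shop.example"],
  allowedMethods: ["GET", "POST"],
  allowedHeaders: ["content-type", "authorization"],
  exposedHeaders: ["X-Request-Id"],
  allowCredentials: true,
  preflightMaxAgeSeconds: 600,
};

// Returns the CORS response headers to add, or null when none apply
// (no Origin header, unmapped path, or a request outside the policy).
function corsHeaders(policy, req) {
  const origin = req.headers["origin"];
  const mapped = req.path === policy.endpoint || req.path.startsWith(policy.endpoint + "/");
  if (!origin || !mapped) return null;
  // Exact match only: prefix or suffix checks admit look-alike origins.
  if (!policy.allowedOrigins.includes(origin)) return null;

  // Echo the matched origin; browsers reject "*" on credentialed requests.
  const out = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  if (policy.allowCredentials) out["Access-Control-Allow-Credentials"] = "true";

  const wanted = req.headers["access-control-request-method"];
  if (req.method === "OPTIONS" && wanted) { // preflight
    if (!policy.allowedMethods.includes(wanted)) return null;
    const asked = (req.headers["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    if (!asked.every((h) => policy.allowedHeaders.includes(h))) return null;
    out["Access-Control-Allow-Methods"] = policy.allowedMethods.join(", ");
    out["Access-Control-Allow-Headers"] = policy.allowedHeaders.join(", ");
    out["Access-Control-Max-Age"] = String(policy.preflightMaxAgeSeconds);
  } else { // actual request
    if (!policy.allowedMethods.includes(req.method)) return null;
    out["Access-Control-Expose-Headers"] = policy.exposedHeaders.join(", ");
  }
  return out;
}

// Constructed preflight, as a browser sends before a cross-origin JSON POST.
const preflight = {
  method: "OPTIONS", path: "/api/v1/offers",
  headers: { origin: "https://shop.example",
    "access-control-request-method": "POST",
    "access-control-request-headers": "Content-Type" },
};
console.log(corsHeaders(policy, preflight));
```

A null result means the response carries no CORS headers, so the browser withholds the response from the calling script; the exact origin comparison is what keeps a look-alike host from matching.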