Defining cross-origin resource sharing policies
Cross-origin resource sharing (CORS) policies define a method that enables a browser and server to interact and determine whether it is safe to allow a cross-origin request. For example, a client using a Pega Marketing application running in a browser may see advertisements from third parties, and if they click one of these advertisements, the CORS policy will record that the advertisement was viewed or clicked on.
Using CORS policies results in reduced costs and implementation times while providing increased security as other systems or websites interact with your application.
To configure a CORS policy, you complete two main tasks:
- Define the CORS policy for a REST service by specifying the allowed origins, allowed headers, exposed headers, allowed methods, credential usage, and preflight expiration time.
- Map the CORS policy to an endpoint (URL or path) for the REST service that you want to protect.