You are here: Reference > Data classes > CORS Policy data instances > Cross Origin Resource Sharing - Completing the Create or Save As form

Cross Origin Resource Sharing - Completing the Create or Save As form

You create cross-origin resource sharing (CORS) policies to control how other systems or websites (origins) are allowed to access resources (APIs and services) provided by your application. After you create a CORS policy, you must map it to an application endpoint describing the location of the resources, to specify where the policy is applied.

Standard record procedures

Records can be created in various ways. You can add a new record to your application or copy an existing one. You can specialize existing rules by creating a copy in a specific ruleset, against a different class or (in some cases) with a set of circumstance definitions. You can copy data instances but they do not support specialization because they are not versioned.

Based on your use case, you use the Create, Save As, or Specialization form to create the record. The number of fields and available options varies by record type. Start by familiarizing yourself with the generic layout of these forms and their common fields:

This information identifies the key parts and options that apply to the record type that you are creating.

Matching

At run time, the system checks the CORS policy rules, in the order that they are listed on the CORS-Endpoint Security form, until a match is found. Matching is based on the request method and the origin header value, which the system compares to the allowed request methods and allowed origins.

Key parts

The key for a CORS policy has one part:

Field

Description

Policy name

Enter a descriptive name for the CORS policy. You might name the policy for an endpoint or for the API or REST service that you intend to protect.

Tabs

The Cross Origin Resource Sharing Policy form displays the following tabs: