Endpoint security for CORS policies

An endpoint represents a path or URL to one or more resources (APIs or services) of an application. When you set up cross-origin resource sharing (CORS) policies, you must map to an endpoint to specify which CORS policies apply to it. By doing so, you control access to application resources from other systems or websites.

Matching incoming requests to the appropriate policy is based on the request method and the origin header value, which the system compares to the allowed methods and allowed origins. The matched policy becomes the effective policy and is applied to the client interaction.

  • A request from the origin that is specified in the CORS policy is recognized as secure, for this endpoint. Requests that satisfy the policy are sent responses with the appropriate headers, as defined in the CORS policy.
  • A request from an origin that is not specified in the CORS policy is not considered secure and returns an error message explaining that the cross-origin request was denied.

The length of the path that you specify determines the level at which you are effectively providing security.


Use the Endpoint-CORS policy mapping form (Configure > Integration > Services > Endpoint-CORS Policy Mapping) to map an endpoint to one or more CORS policies or to review existing instances.

You must have valid security privileges ( pzCanManageSecurityPolicies ) to map endpoints to CORS policies.


Endpoint-CORS policy mappings are instances of the DATA-Admin-Security-CORSEndpoint class.

They are part of the Security category.