Cross-origin resource sharing (CORS) policies

Cross-origin resource sharing (CORS) policies are used to control how other systems or websites (origins) are allowed to access resources (APIs and services) provided by your application. For example, Pega Platform uses CORS policies to restrict which Pega Robotic client apps can connect to your Pega applications and to limit which mobile apps can call Pega mobile services.

Using CORS policies results in reduced costs and implementation times while providing increased security as other systems or websites interact with your application.

To configure a CORS policy, you complete two main tasks:

  • Define the CORS policy for an API or REST service by specifying the allowed origins, allowed headers, exposed headers, allowed methods, credential usage, and preflight expiration time.
  • Map the CORS policy to an endpoint (URL or path) for the API or REST service that you want to protect.

You must have valid security privileges ( pzCanManageSecurityPolicies ) to create or modify CORS policies.