Using CORS to process cross-domain requests

HCP supports Cross-Origin Resource Sharing (CORS). CORS is a mechanism that uses additional HTTP headers to allow a web application running on a browser at one origin (domain) to have permission to access restricted resources on a server at a different origin. A web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, and port) than its own.

To use CORS with HCP, you first need to configure CORS rules for a namespace to specify the sites that are allowed cross-origin access. Then, the HCP software validates incoming requests for compliance to these rules.

CORS rules are specific to a namespace and can be configured at either the namespace level or tenant level.

This section of the help:

Describes supported CORS use cases

Describes CORS configuration limits in HCP

Describes HCP permissions for CORS configuration

Describes how to configure CORS rules for a namespace

Presents a CORS rules configuration template

Presents examples of PUT, GET, and DELETE bucket requests

Describes how CORS request processing works

Presents a preflighted request example

Related topics

cors data type

Namespace resources

Namespace-level CORS rules configuration

Requests and responses

Roles and permissions

Tenant resources

Tenant-level CORS rules configuration

Related references

Fetch Living Standard, maintained by the Web Hypertext Application Technology Working Group (WHATWG)

© 2015, 2020 Hitachi Vantara LLC. All rights reserved.