How to Set Up Cross-Origin Resource Sharing (CORS)

This article describes how to enable Cross-Origin Resource Sharing (CORS) for your site. CORS enables web browsers to access resources at a different location from where the web application is running. For example, if you have an application running on https://example.com that requests resources from https://example-2.com, the server on example-2.com must allow such requests.

If you are using secure (https://) connections with cross-origin resource sharing, make sure the servers have valid and trusted SSL certificates. Even if CORS is enabled correctly on the server, some browsers (such as Firefox) do not complete cross-origin requests if the SSL certificate itself is invalid.

Enabling CORS

To enable CORS, you must configure the web server to send an HTTP header that permits remote access to its resources. The procedure to do this varies based on the server's operating system.

Linux hosting accounts

For Linux hosting accounts, create or modify the .htaccess file in the directory where you want to permit CORS requests. Add the following line to the .htaccess file:

Header set Access-Control-Allow-Origin "*"

Windows hosting accounts

For Windows hosting accounts, create or modify the web.config file in the directory where you want to permit CORS requests. Add the following lines to the web.config file:

<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>

If the web.config file already exists in the directory, you may only need to add the section or sections from the block above that it does not already contain.
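The wildcard value "*" shown above lets any site read responses from that directory. As an added example (not part of the original article), this .htaccess variant for the Linux case returns the header only to listed origins, using the article's https://example.com as the requesting site. The second origin https://app.example.com and the variable name CORS_ORIGIN are hypothetical, and mod_setenvif and mod_headers are assumed to be enabled.

```apache
# Added example: restrict CORS to an allowlist instead of "*".
# Place in the .htaccess file of the directory that serves the shared resources.
<IfModule mod_headers.c>
<IfModule mod_setenvif.c>
    # Wildcard form from the article, left commented out for comparison:
    # Header set Access-Control-Allow-Origin "*"

    # If the request's Origin header exactly matches an allowed origin,
    # store the matched value ($0) in the CORS_ORIGIN environment variable.
    # https://app.example.com is a hypothetical second origin; edit the
    # alternation to match the sites that really need access.
    SetEnvIf Origin "^https://(example\.com|app\.example\.com)$" CORS_ORIGIN=$0

    # Echo the matched origin back only when the variable was set.
    # Requests from any other origin receive no Access-Control-Allow-Origin
    # header, so the browser blocks the cross-origin read.
    Header set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN

    # The response now depends on the Origin request header, so tell caches
    # not to reuse a response generated for one origin when serving another.
    Header merge Vary "Origin"
</IfModule>
</IfModule>
```

The anchors (^ and $) and the escaped dots matter: without them, a look-alike host such as https://example.com.attacker.test would match the pattern and be echoed back as an allowed origin.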

More Information

For more information about CORS, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.