Cross-Origin Resource Sharing (CORS)
The Cross-Origin Resource Sharing (CORS) configuration category includes the following configurable options:
Property: CORS Allowed Request Headers
Property Name
|
CORS Allowed Request Headers
|
Property Key
|
|
Property Type |
STRING
|
Description |
A comma-separated list of allowable request headers for the CORS filter. These will be added in addition to the default headers required for Smile CDR's default functionality.
|
Applies to Modules |
-
CDS Hooks REST Endpoint
-
EasyShare SHL Endpoint (Admin)
-
EasyShare SHL Endpoint (Public)
-
FHIR Gateway REST Endpoint
-
FHIR REST Endpoint (All FHIR Versions)
-
FHIR REST Endpoint (DSTU2 - Deprecated)
-
FHIR REST Endpoint (R3 - Deprecated)
-
FHIR REST Endpoint (R4 - Deprecated)
-
Hybrid Providers REST Endpoint
-
JSON Admin API
-
MDM UI
-
Package Registry Endpoint
-
Payer to Payer
-
SMART Outbound Security
-
appSphere
|
Default Value |
(no default)
|
Example Property |
module.[MODULE_ID].config.cors.allowed_headers =
|
Property: CORS Enabled
Property Name
|
CORS Enabled
|
Property Key
|
|
Property Type |
BOOLEAN
|
Description |
Should this endpoint allow the use of CORS? Enable this item only if you understand what it is doing.
|
Applies to Modules |
-
CDS Hooks REST Endpoint
-
EasyShare SHL Endpoint (Admin)
-
EasyShare SHL Endpoint (Public)
-
FHIR Gateway REST Endpoint
-
FHIR REST Endpoint (All FHIR Versions)
-
FHIR REST Endpoint (DSTU2 - Deprecated)
-
FHIR REST Endpoint (R3 - Deprecated)
-
FHIR REST Endpoint (R4 - Deprecated)
-
Hybrid Providers REST Endpoint
-
JSON Admin API
-
MDM UI
-
Package Registry Endpoint
-
Payer to Payer
-
SMART Outbound Security
-
appSphere
|
Default Value |
false
|
Example Property |
module.[MODULE_ID].config.cors.enable = false
|
Property: CORS Origins
Property Name
|
CORS Origins
|
Property Key
|
|
Property Type |
STRING
|
Description |
A comma-separated list of allowable origins for the CORS filter. For example: https://example.com, https://try.smilecdr.com:9201 . You may also use the wildcard value * to allow CORS for all domains, however this is generally not considered a good practice for production systems serving sensitive data.
|
Applies to Modules |
-
CDS Hooks REST Endpoint
-
EasyShare SHL Endpoint (Admin)
-
EasyShare SHL Endpoint (Public)
-
FHIR Gateway REST Endpoint
-
FHIR REST Endpoint (All FHIR Versions)
-
FHIR REST Endpoint (DSTU2 - Deprecated)
-
FHIR REST Endpoint (R3 - Deprecated)
-
FHIR REST Endpoint (R4 - Deprecated)
-
Hybrid Providers REST Endpoint
-
JSON Admin API
-
MDM UI
-
Package Registry Endpoint
-
Payer to Payer
-
SMART Outbound Security
-
appSphere
|
Default Value |
*
|
Example Property |
module.[MODULE_ID].config.cors.origins = *
|