Smile CDR v2022.08.PRE
On this page:
   37.21    Credentials 37.23    Database   

37.22Cross-Origin Resource Sharing (CORS)

 

The Cross-Origin Resource Sharing (CORS) configuration category includes the following configurable options:

  • CORS Allowed Request Headers

  • CORS Enabled

  • CORS Origins

37.22.1Property: CORS Allowed Request Headers

 
Property Name CORS Allowed Request Headers
Property Key
Property Type STRING
Description A comma-separated list of allowable request headers for the CORS filter. These will be added in addition to the default headers required for Smile CDR's default functionality.
Applies to Modules
  • CDS Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • Payer to Payer
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • appSphere
Default Value (no default)
Example Property
module.[MODULE_ID].config.cors.allowed_headers = 

37.22.2Property: CORS Enabled

 
Property Name CORS Enabled
Property Key
Property Type BOOLEAN
Description Should this endpoint allow the use of CORS? Enable this item only if you understand what it is doing.
Applies to Modules
  • CDS Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • Payer to Payer
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • appSphere
Default Value false
Example Property
module.[MODULE_ID].config.cors.enable = false

37.22.3Property: CORS Origins

 
Property Name CORS Origins
Property Key
Property Type STRING
Description A comma-separated list of allowable origins for the CORS filter. For example: https://example.com, https://try.smilecdr.com:9201. You may also use the wildcard value * to allow CORS for all domains, however this is generally not considered a good practice for production systems serving sensitive data.
Applies to Modules
  • CDS Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • Payer to Payer
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • appSphere
Default Value *
Example Property
module.[MODULE_ID].config.cors.origins = *
   37.21    Credentials 37.23    Database