On this page:
   34.15    Credentials 34.17    Database   

34.16Cross-Origin Resource Sharing (CORS)

 

The Cross-Origin Resource Sharing (CORS) configuration category includes the following configurable options:

  • CORS Enabled

  • CORS Origins

34.16.1Property: CORS Enabled

 
Property Name CORS Enabled
Property Key
Property Type BOOLEAN
Description Should this endpoint allow the use of CORS? Enable this item only if you understand what it is doing.
Applies to Modules
  • Application Gallery
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
Default Value false
Example Property
module.[MODULE_ID].config.cors.enable = false

34.16.2Property: CORS Origins

 
Property Name CORS Origins
Property Key
Property Type STRING
Description A comma-separated list of allowable origins for the CORS filter. For example: https://example.com, https://try.smilecdr.com:9201. You may also use the wildcard value * to allow CORS for all domains, however this is generally not considered a good practice for production systems serving sensitive data.
Applies to Modules
  • Application Gallery
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
Default Value *
Example Property
module.[MODULE_ID].config.cors.origins = *
   34.15    Credentials 34.17    Database