CORS Policy Configuration

Cross-Origin Resource Sharing (CORS) policy controls how web applications can request resources from a different domain to prevent unauthorized cross-origin access. WSI blocks all cross-origin requests for security reasons, by default. If a web application tries to access WSI from a different domain, the request is rejected, and the browser displays an error.

To enable cross-origin access, specific domains can be permitted by adding the trusted domain to the WhiteListDomain property in the project configuration file located at \GMSProjects\[projectname]\config.

WSI also blocks, by default, cross-origin credential sharing, for example, tokens and session IDs.

To enable cross-origin credential sharing for authenticated requests, you need to additionally set the SupportsCredentials property to True in the project configuration file located at \GMSProjects\[projectname]\config.

For more information, see Configuring CORS for Web Service Interface.

CORS configuration is not required when the project and WSI instance are hosted on one machine, and the WSI web app and Flex web app are hosted on another machine.