[Factory Configuration] How to enable CORS for multiple domains
Forge component by OutSystems R&D
Application Type

Following this post https://www.outsystems.com/forums/discussion/44851/how-to-add-custom-response-headers-manipule-web-config-for-cases-like-cors/ I was able to enable CORS for my application.

Now we have a different situation where the client is using gateway zscaler to redirect and I need to enable CORS for my application and to https://gateway.zscaler.net.

I was able to solve this by allowing CORS to all domains in Factory Configuration:

<add name="Access-Control-Allow-Origin" value="*" />

But for security reasons we don't want to keep it enabled to all and instead just allow CORS for two domains.

How do we allow CORS for two domains?


There are some work-arounds / solutions available on the internet that will fix the problem you've described. The most common ones are described here: 




Hope these links will help you solve the issue.

Kind regards,

Remco Dekkinga

Hi Remco,

I have seen those links but I wouldn't know how to translate those solutions into Shared Configurations.

For instance, in one response the user suggested using some kind of regex with Rewrite 2.0:

                <clear />                
                <rule name="AddCrossDomainHeader">
                    <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
                        <add input="{HTTP_ORIGIN}" pattern="(http(s)?://((.+\.)?domain1\.com|(.+\.)?domain2\.com|(.+\.)?domain3\.com))" />
                    <action type="Rewrite" value="{C:0}" />

But how would I do something similar in the Shared Configurations?

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.