[Factory Configuration] How to enable CORS for multiple domains
Forge component by OutSystems R&D
Application Type
Reactive

Following this post https://www.outsystems.com/forums/discussion/44851/how-to-add-custom-response-headers-manipule-web-config-for-cases-like-cors/ I was able to enable CORS for my application.

Now we have a different situation where the client is using gateway zscaler to redirect and I need to enable CORS for my application and to https://gateway.zscaler.net.

I was able to solve this by allowing CORS to all domains in Factory Configuration:

<add name="Access-Control-Allow-Origin" value="*" />

But for security reasons we don't want to keep it enabled to all and instead just allow CORS for two domains.

How do we allow CORS for two domains?

mvp_badge
MVP

There are some work-arounds / solutions available on the internet that will fix the problem you've described. The most common ones are described here: 

https://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains 

and 

https://stackoverflow.com/questions/17323350/access-control-allow-origin-with-multiple-domains/31084417#31084417

Hope these links will help you solve the issue.

Kind regards,

Remco Dekkinga



Hi Remco,

I have seen those links but I wouldn't know how to translate those solutions into Shared Configurations.

For instance, in one response the user suggested using some kind of regex with Rewrite 2.0:

        <rewrite>            
            <outboundRules>
                <clear />                
                <rule name="AddCrossDomainHeader">
                    <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
                        <add input="{HTTP_ORIGIN}" pattern="(http(s)?://((.+\.)?domain1\.com|(.+\.)?domain2\.com|(.+\.)?domain3\.com))" />
                    </conditions>
                    <action type="Rewrite" value="{C:0}" />
                </rule>           
            </outboundRules>
        </rewrite>

But how would I do something similar in the Shared Configurations?

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.