Access-Control-Allow-Origin - XMLHttpRequest
Question
Application Type
Reactive

Guys, I have a question, and after researching I didn't come to a plausible solution. Have you guys gone through this error?

- I'm trying to access a script library outside of the domain where I have my application.

- In LifeTime I already configured it to allow accessing scripts from different domains.


Well the error is:

Access to XMLHttpRequest at 'https://dominio-do-script.com.br/' from origin 'https://meuambiente-os.outsystemsenterprise.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.



Can someone who is more focused on OS infrastructure shed some light on how to adjust OutSystems CORS to allow access from other domains?

Hi Lucas Soares,

My name is Cristian and I am helping in the forum.

I have seen the error you mention before and it happens when you query data from an external server.

Let's say that I have my backend made in Node.js with Express, and from another server I have the front end querying data.

For security, the server where the backend is should register the IP of the servers that are allowed to query it.

Now, how we enable it depends on what language the backend is in.

Example in Node.js.

I hope this information helps you.

Greetings.
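
Added example, not part of the original posts and not OutSystems code: what the server hosting the script could do in Node.js to clear the error above. The browser sends the calling page's origin in the `Origin` request header, and the response must carry a matching `Access-Control-Allow-Origin`. The allowed origin is the one from the error message; the function names, allowed methods, headers and max-age are assumptions.

```javascript
// Added example: origin allow-list for CORS on the server that hosts the script.
// ALLOWED_ORIGINS holds the calling origin from the error message on this page;
// the methods, headers and max-age values are assumptions.
const ALLOWED_ORIGINS = new Set([
  'https://meuambiente-os.outsystemsenterprise.com',
]);

// Decide which CORS headers to send for a request's Origin header.
function corsHeaders(origin, method) {
  // Always vary on Origin so caches never serve one origin's answer to another.
  const headers = { Vary: 'Origin' };
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return headers; // no Allow-Origin header: the browser blocks the read
  }
  // Echo the exact allow-listed origin; never "*" and never a blind reflection.
  headers['Access-Control-Allow-Origin'] = origin;
  if (method === 'OPTIONS') {
    // Preflight: state what the actual request may use.
    headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
    headers['Access-Control-Max-Age'] = '600';
  }
  return headers;
}

// Handler with the (req, res) shape used by Node's http.createServer.
function handle(req, res) {
  const headers = corsHeaders(req.headers.origin, req.method);
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  if (req.method === 'OPTIONS') {
    res.statusCode = 204; // preflight carries no body
    return res.end();
  }
  res.statusCode = 200;
  res.setHeader('Content-Type', 'application/javascript');
  res.end('/* script body */');
}
```

Pass `handle` to `http.createServer` to serve it. The exact-match lookup means a lookalike origin that merely starts with the allowed host name gets no `Access-Control-Allow-Origin` header.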

Below is a suggestion for the security settings:

- Use for redirection with the object's URL (should be allowed)

  1. Frame-ancestors - Specifies the domains which are allowed to embed the application in a frame. The following source expressions are allowed: 'self' and *.
  2. Object-src - Specifies the domains from which the application is allowed to load objects (for <object>, <embed> and <applet> elements). The following source expressions are allowed: 'self' and *.
  3. Child-src - Specifies the domains which the application is allowed to embed frames. The following source expressions are allowed: 'self' and *.

Values -

  1. self
  2. login.microsoftonline.com

- Use for images

  1. Img-src - Specifies the domains from which the application is allowed to load images. The following source expressions are allowed: 'self', data: and *.

- Use for styles

  1. Style-src - Specifies the domains from which the application is allowed to load styles. The following source expressions are allowed: 'self', data: and *.

Refer to the URL below:

https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Apply_Content_Security_Policy

Regards,

Shahaji