CORS is a way to make HTTP requests from one origin to another, despite a browser’s Same-Origin policy. The Same-Origin policy prevents client-side web applications located in one domain from obtaining data from an application in a different domain. For example, when requesting resources, the browser compares the origins of the request and if they do not match, the browser returns an Access-Control-Allow-Origin error.

CORS is usually relevant if your dashboard is embedded within an iFrame on your site and your site or application attempts to access resources in the iFrame or if you make AJAX requests across origins.To work around this limitation, your browser and server use HTTP headers to define which users can request resources from Sisense. CORS is relevant when your site or application attempts to access Sisense resources such as through the Sisense API from your site or application.

Sisense supports CORS so if you are building an application requesting resources from Sisense, all you need to do is send a POST request to allow CORS and define the domains from which cross-domain requests will be made.

To enable CORS:

  1. From the Sisense REST API, send a POST request to the settings/system API.
    sysset
  2. In the CORS object, set enabled to true.
  3. In the allowedOrigins array, enter every domain from which you might make a request to Sisense.
    {
      "webServer": {
        "enableSSl": false,
        "cors": {
          "enabled": true,
          "allowedOrigins": [
            "*"
          ]
        }
      }
    }

    Note: When adding domains, remove any https:// prefix in your call and any ports.

  1. Click Run.

Read more about the settings API here| Read more about CORS here.