CORS (Cross-origin resource sharing) in Salesforce

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

CORS controls whether a web page may make requests to domains other than the one that served it, and so prevents unauthorised cross-domain requests. The browser checks headers in the HTTP requests and responses. If domain1 wants to allow requests from domain2, it sets the Access-Control-Allow-Origin header in its responses to domain2, and the browser then allows the web page from domain2 to make requests to domain1.

To allow client applications running in a web browser to access Salesforce information, you need to register the origin first. In your Salesforce org, go to Setup -> Security -> CORS. Include all the domains that need to access Salesforce resources through a web browser.

Salesforce will return the origin in the "Access-Control-Allow-Origin" HTTP header, along with any additional CORS HTTP headers, so the browser will allow the request.
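
The allowlist decision described above, sketched as an added example (not Salesforce's implementation and not code from the original page). The entries in ALLOWED_ORIGINS, the function names and the "*." wildcard entry format are assumptions made for illustration.

```javascript
// Added example: a simplified model of an origin allowlist check.
// ALLOWED_ORIGINS holds constructed sample entries, not a real org's settings.
// Assumption: an entry is an exact origin or uses a leading "*." wildcard.
const ALLOWED_ORIGINS = [
  "https://app.example.com",
  "https://*.partner.example",
  "http://localhost:3000",
];

// Parse an Origin header into a URL, or return null when it is not a bare
// scheme://host[:port] value (malformed, "null", credentials, path, query).
function parseOrigin(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  const bare = !url.username && !url.password && url.pathname === "/" &&
    !url.search && !url.hash;
  return bare ? url : null;
}

// Compare scheme, host and port separately; never substring-match the raw header.
function matchesPattern(origin, pattern) {
  const [scheme, rest] = pattern.split("://");
  if (origin.protocol !== scheme + ":") return false;
  if (!rest.startsWith("*.")) return origin.origin === pattern;
  const [suffix, port = ""] = rest.slice(1).split(":"); // e.g. ".partner.example"
  return origin.port === port &&
    origin.hostname.endsWith(suffix) &&
    origin.hostname.length > suffix.length;
}

// Build the CORS response headers for a request's Origin header.
function corsHeaders(originHeader, allowlist = ALLOWED_ORIGINS) {
  const headers = { Vary: "Origin" }; // caches must key on the Origin header
  const origin = originHeader ? parseOrigin(originHeader) : null;
  if (origin && allowlist.some((p) => matchesPattern(origin, p))) {
    // Echo the single matching origin, never "*".
    headers["Access-Control-Allow-Origin"] = origin.origin;
  }
  return headers; // without the allow header the browser blocks the response
}
```

An origin that merely contains or ends with an allowed name, such as https://partner.example.evil.test or https://evilpartner.example, gets no Access-Control-Allow-Origin header from this check.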

These Salesforce technologies support CORS:
Analytics REST API
Bulk API
Chatter REST API
Salesforce IoT REST API
Lightning Out
REST API
User Interface API
Apex REST
