February 27, 2020

CORS (Cross-origin resource sharing) in Salesforce

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

To allow client applications running in a web browser to access Salesforce information, you need to register the origin first. On your Salesforce ORG, go to Setup -> Security -> CORS. Include all the domains that need to access Salesforce resources through a web browser.



Salesforce will return the origin in the "Access-Control-Allow-Origin HTTP" header, along with any additional CORS HTTP headers, hence the browser will allow the request.

These Salesforce technologies support CORS.
Analytics REST API
Bulk API
Chatter REST API
Salesforce IoT REST API
Lightning Out
REST API
User Interface API
Apex REST

https://developer.salesforce.com/docs/atlas.en-us.chatterapi.meta/chatterapi/extend_code_cors.htm

No comments:

Post a Comment