Have to add CORS support policy to allow try out option from portal

nikhilchawla
Participant III

Hi,

We have to add a CORS support policy in the proxy only to support requests from the Swagger UI Apigee portal for the try out option.

By adding this, will there be any security lapses?


Not applicable

CORS is basically an evolution from SOP (Single origin Policy), where everything that your web page needed was served from a single web server (or single origin). Here origin is defined as a combination of URI scheme, host and port. However, the need for CORS is purely driven by the explosive growth and demand of web programming. Today a web site needs to pull data from different APIs which may not be from the same origin, hence the W3C standard CORS to support this. Not all browsers support it, but the majority of them do.

While CORS enables cross-domain requests, it should not be seen as an alternative to security practice. If you need to secure your APIs/data, use proper security mechanisms such as OAuth2 / OpenID etc.
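
The origin definition in the reply above (scheme, host and port) is what a CORS policy should match on. The following is an added example, not part of the original thread and not Apigee's own code: a JavaScript check that returns CORS headers only for an exact allowed origin. The origin `https://portal.example.com`, the function names and the method/header lists are assumptions.

```javascript
// Added example: the origin and header lists below are constructed placeholders.
const ALLOWED_ORIGINS = ["https://portal.example.com"]; // hypothetical portal origin

// Reduce an Origin header value to its (scheme, host, port) triple, or null.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let u;
  try {
    u = new URL(value);
  } catch (e) {
    return null; // not a parseable origin
  }
  if (u.protocol !== "https:" && u.protocol !== "http:") return null;
  // URL.origin lowercases scheme and host and drops default ports (443, 80).
  return u.origin;
}

// Build the CORS response headers for one request.
// A request from an origin outside the allow-list gets no Allow-Origin header.
function corsHeaders(method, requestOrigin, allowed = ALLOWED_ORIGINS) {
  const headers = { Vary: "Origin" }; // caches must key responses on Origin
  const origin = normalizeOrigin(requestOrigin);
  const allowList = allowed.map(normalizeOrigin);
  if (origin === null || !allowList.includes(origin)) return headers;
  headers["Access-Control-Allow-Origin"] = origin; // exact origin, never "*"
  if (method === "OPTIONS") {
    // Preflight: list only what the try-out console needs (assumed set).
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Constructed sample requests: exact match, default port, wrong scheme,
// look-alike host suffix, and the opaque "null" origin.
const samples = [
  ["GET", "https://portal.example.com"],
  ["OPTIONS", "https://portal.example.com:443"],
  ["GET", "http://portal.example.com"],
  ["GET", "https://portal.example.com.other.test"],
  ["GET", "null"],
];
for (const [method, origin] of samples) {
  console.log(method, origin, JSON.stringify(corsHeaders(method, origin)));
}
```

The comparison is on the whole normalized origin, so a different scheme or a host that merely starts with the portal's name does not match. The API still needs its own authentication, as the reply says.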