Updating Cross-Origin Resource Sharing (CORS) Policies

This article will help you configure Seeq to allow a third party web application to access the Seeq REST API from the browser.

By default, modern browsers disallow most HTTP requests to domains other than the domain from which the web application was served (i.e. cross-origin requests). HTTP requests to other domains can be enabled by configuring CORS. Lean more about CORS at:

• https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

• https://w3c.github.io/webappsec-cors-for-developers/ 

The "Network/Http/AllowedOrigins" setting is a string value that specifies which remote origin(s) are allowed to make cross-origin requests to the Seeq server. This option can be changed as described in Configuring Seeq.

• If the setting is not configured, then no cross-origin requests are allowed.

• The value may be set to a single remote origin.

seeq config set Network/Http/AllowedOrigins "https://somesite.com"

• The value may be set to a comma-separated list of remote origins that are all allowed to make CORS requests to the server.

seeq config set Network/Http/AllowedOrigins "https://somesite.com,https://someothersite.org:8080"

• Although not recommended for security reasons, the value can also be set to "*" which allows CORS requests from any remote origin.

seeq config set Network/Http/AllowedOrigins "*"

Note: the port should not be specified if it is the default port for the service requested (e.g. port 80 for http, or port 443 for https).