About Cross-Origin Resource Sharing

Cross-origin resource sharing (CORS) is a mechanism that allows resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated.

A partition administrator with the following actions can perform this task:

1. Manage Application Security: Enable or disable CORS and configure the list of allowed websites for CORS.

2. View Application Security: Read-only view of the CORS settings. Users with this action cannot change any configurations.

There are multiple features of the application that require CORS be enabled and configured, including:

• Cobrowse

• Offers

• APIs

For more information about enabling CORS and adding websites to the list of allowed websites, see Enabling Cross-Origin Resource Sharing.

CORS for Cobrowse 

• CORS must be enabled and the websites hosting the cobrowse URL must be added to the list of allowed websites if the Stream URL Contents Cobrowse rule is to be used in the Cobrowse configuration.

CORS for Offers

• CORS must be enabled and the websites on which Offers is enabled must be added to the list of allowed websites. For more information about configuring Offers, see eGain Administrator's Guide to Offers Console.

CORS eGain APIs

• CORS must be enabled and the website invoking an eGain REST API must be added to the list of allowed websites if the APIs are from a web page that is in a domain different from the domain of the application. For example, if the application is in https://company.com domain and the website is in https://company-name-support.com domain, CORS must be configured to allow API requests from the web pages in https://company-name-support.com domain to be sent to the company.com domain.

Related Topics

• Enabling Cross-Origin Resource Sharing