Cross-Origin Resource Sharing (CORS) is a mechanism used by client-side processes to access resources from domains outside their own. This allows such processes to overcome the standard same-origin policy, which prohibits access to external resources/APIs. To use the analytics REST API from outside WSO2 DAS domain, or if the REST API caller is situated in a machine with a different host/port configuration to WSO2 DAS, you need to enable CORS for the analytics REST API.
Follow the steps below to enable CORS for the analytics REST API.
- Navigate to
Add the following configuration within the
Add the domains that you intend to access the REST API as a comma-separated list, within the
<param-value>element under the parameter name
Allowing CORS for the REST API allows access to all the domains specified under the parameter name
cors.allowed.origins. Therefore, list only the required domains as values for this parameter to minimize possible security issues.
The analytics REST API uses the in-built CORS filter of Apache Tomcat to achieve this functionality. For all available parameters that could be specified for this filter, see Container Provided Filters.