Setting Cross-Origin Resource Sharing (CORS) domains
Use the CORS page in Subscriptions Settings to control which domains can access your public APIs. This prevents bad actors from attempting to imitate your site or spoof your domain.
Only the domains you add are allowed to access the public APIs. The system restricts all requests from domains not included in this list.
Your media organization needs to allow your JavaScript application running on subdomain.example.com to access resources from your APIs while maintaining security.
You access the CORS Domains section in Subscriptions Settings to add https://*.example.com to your allowed origins list.
After saving the configuration, you test the integration and ensure you protect your site by limiting public API access to only trusted domains while ensuring your applications work properly.
Procedure
To add new approved domains, complete the following:
Navigate to Subscriptions > Settings > Security > CORS Domains. The CORS Domains page opens, showing a list of previously approved domains.
Enter a domain name in the text field.
Click Add domain.
Click Save.
After configuring your first CORS domain, the system automatically adds the admin URL to ensure functionality. You cannot edit or remove this admin URL unless you delete all other domains first.