Cross-Origin Resource Sharing (CORS) is a mechanism that permits loading resources on other origins, such as a domain, protocol, or port, via HTTP headers.

CORS grants these permissions via policies, which specify the approved origin and the match type, which sets the Access-Control-Allow-Origin header if the client’s origin matches the value you provide.

CORS checks if the server permits a request using a ‘preflight request’. In short, CORS defines how a browser and server can interact in order to safely send a cross-origin request (COR).

App Platform

To learn more about configuring CORS, see How to Configure CORS Policies in App Platform.


Client web applications loaded in one domain can interact with resources in a Space with Cross-Origin Resource Sharing (CORS) configured, see How to Configure CORS Policies in Spaces.

Enable cross-origin resource sharing in App Platform.