If you fail to do so, you won’t be able to query or embed Alpana content from your application, and you will get a typical CORS error like :
Access to XMLHttpRequest at 'http://xxx.xxx.xxx.xxx:xxx' from origin 'http://yyy.yyy.yyy.yyy:yyy' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
This is a normal thing, for security purposes.
For example, the https://www.google.com/ URL currently refuses to be embedded inside an iframe of another website.
In Alpana, you can create an exception, to allow a specific “foreign website” to access Alpana content.
Creating an exception
On the Host of the Alpana Server; go under Administration > Settings > API Origins Whitelist and click Add New :
In the configuration window, fill in the details :
- Origin : this is the URL of your application. The format is
(protocol)://(site):(port)with no trailing slash
/. Examples :
- Target Tenant : the tenant that will accept the queries or embedding
- Active : the exception is Active or not
At the top of Administration > Settings > API Origins Whitelist, don’t forget to click Save All :
Deleting an exception
To delete the desired exception from the list, click Action > Delete in front of it :