API Origins Whitelist

Why

Querying or embedding a content from Alpana into another website requires to be allowed from Alpana.
This is called Cross-origin resource sharing , see also Same-origin policy.

If you fail to do so, you won’t be able to query or embed Alpana content from your application, and you will get a typical CORS error like :

Access to XMLHttpRequest at 'http://xxx.xxx.xxx.xxx:xxx' from origin 'http://yyy.yyy.yyy.yyy:yyy' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This is a normal thing, for security purposes.
For example, the https://www.google.com/ URL currently refuses to be embedded inside an iframe of another website.

In Alpana, you can create an exception, to allow a specific “foreign website” to access Alpana content.

*If you are making queries from Javascript code in a local HTML file open in your browser, you won’t be able to make a query and your browser will probably block you.
If you really just want to test that your code works, then your browser may let you disable security for this.
Check your browser documentation or internet (e.g. Chrome.exe --disable-web-security)

Creating an exception

On the Host of the Alpana Server; go under Administration > Settings > API Origins Whitelist and click Add New :

Configuration

In the configuration window, fill in the details :

• Origin : this is the URL of your application. The format is (protocol)://(site):(port) with no trailing slash /. Examples : https://www.google.com:80, http://123.456.789:81
• Target Tenant : the tenant that will accept the queries or embedding
• Active : the exception is Active or not

Click OK.

At the top of Administration > Settings > API Origins Whitelist, don’t forget to click Save All :

Deleting an exception

To delete the desired exception from the list, click Action > Delete in front of it :

Code192 2020 All rights reserved