Querying or embedding a content from Alpana into another website requires to be allowed from Alpana.
This is called Cross-origin resource sharing , see also Same-origin policy.

If you fail to do so, you won’t be able to query or embed Alpana content from your application, and you will get a typical CORS error like :

Access to XMLHttpRequest at 'http://xxx.xxx.xxx.xxx:xxx' from origin 'http://yyy.yyy.yyy.yyy:yyy' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This is a normal thing, for security purposes.
For example, the https://www.google.com/ URL currently refuses to be embedded inside an iframe of another website.

In Alpana, you can create an exception, to allow a specific “foreign website” to access Alpana content.

Creating an exception

On the Host of the Alpana Server; go under Administration > Settings > API Origins Whitelist and click Add New :

CORS whitelist add


In the configuration window, fill in the details :

CORS whitelist configure
  • Origin : this is the URL of your application. The format is (protocol)://(site):(port) with no trailing slash /. Examples : https://www.google.com:80, http://123.456.789:81
  • Target Tenant : the tenant that will accept the queries or embedding
  • Active : the exception is Active or not

Click OK.

At the top of Administration > Settings > API Origins Whitelist, don’t forget to click Save All :

CORS whitelist save

Deleting an exception

To delete the desired exception from the list, click Action > Delete in front of it :

CORS whitelist delete click
Last modified: Sep 13, 2021


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment