In the simplest scenario, cross-origin communications starts with a client
making a GET, POST, or HEAD request against a resource endpoint on the server.
The request includes an
Origin header that indicates the origin of the client code.
The server considers the request's
Origin and either allows or disallows the
request. If the server allows the request, then it responds with the requested
resource and an
Access-Control-Allow-Origin header in the response.
This header indicates to the client which client origins should be permitted
to access the resource. Assuming that the
header matches the request's
Origin, the browser allows the request.
Access-Control-Allow-Origin is missing in the response or if its
value does not match the request's
Origin, the browser disallows the request.
If you want to enable developers to utilize SAS Viya REST APIs in web applications, you must enable CORS support in the SAS Viya environment using SAS Environment Manager. To configure or update the setting:
sas.commons.web.security.corsfrom the list of configuration definitions.
New Configurationbutton if you are setting the CORS options for the first time.
allowCredentialsis enabled. Set the
*(or wildcard) to accept all values. Specify a comma-separated list of values for each setting that are enabled by default in cross-origin requests.
That's it. The CORS setting is in effect for all services supporting the SAS Viya REST APIs.