SAS Viya servers can provide support for Cross-Origin Resource Sharing (CORS), a technique enables Javascript on a web page to consume a REST API served from a different origin. CORS is implemented when a server is configured to include additional HTTP headers to let a user agent access selected resources from a server on a different origin (or domain) than the site currently in use. A user agent makes a cross-origin HTTP request when it requests a resource from a different domain, protocol, or port than the one from which the current document originated.
In the simplest scenario, cross-origin communications starts with a client
making a GET, POST, or HEAD request against a resource endpoint on the server.
The request includes an Origin
header that indicates the origin of the client code.
The server considers the request's Origin
and either allows or disallows the
request. If the server allows the request, then it responds with the requested
resource and an Access-Control-Allow-Origin
header in the response.
This header indicates to the client which client origins should be permitted
to access the resource. Assuming that the Access-Control-Allow-Origin
header matches the request's Origin
, the browser allows the request.
If Access-Control-Allow-Origin
is missing in the response or if its
value does not match the request's Origin
, the browser disallows the request.
If you want to enable developers to utilize SAS Viya REST APIs in web applications, you must enable CORS support in the SAS Viya environment using SAS Environment Manager. To configure or update the setting:
sas.commons.web.security.cors
from the list of configuration definitions.
New Configuration
button if you are setting the CORS options for the first time.allowCredentials
is enabled. Set the allowHeaders
,
allowMethods
, and allowOrigins
properties to *
(or wildcard)
to accept all values. Specify a comma-separated list of values for each setting
that are enabled by default in cross-origin requests.That's it. The CORS setting is in effect for all services supporting the SAS Viya REST APIs.