Browser security prevents a webpage from making AJAX requests to another domain. This restriction is called “the same-origin policy.” However, there are some situations where you need to let other sites call your web API.
Cross Origin Resource Sharing (CORS) is a W3C standard that allows a server to relax the same-origin policy. When you use CORS, a server can explicitly allow some cross-origin requests while rejecting others.
For more information, see Enabling Cross-Origin Requests in ASP.NET Web API.
The Sitecore.Services.Client Services package registers support for CORS in
initialize pipeline invokes this):
Enable CORS for an EntityService controller
You enable CORS by adding the EnableCors attribute to a controller class and specifying the
methods parameters as needed.
For example, this controller has wildcard values for all of the resource restriction parameters:
[ServicesController][EnableCors(origins: "*", headers: "*", methods: "*")]public class TestController : EntityService<SimpleData>
In production environments, you must use a more restrictive definition of what can access resources.
CORS and th
There is no CORS support for the ItemService.
Sitecore.Services.Infrastructure.Sitecore.Controllers.ItemServiceController is a sealed class so you cannot derive classes from it that specify the