Cross Origin Resource Sharing
  • 19 Jul 2022
  • 1 Minute to read
  • Dark

Cross Origin Resource Sharing

  • Dark

CORS allows for HTTP requests from one origin to another, despite a browser’s Same-Origin policy, which prevents client-side web applications located in one domain from obtaining data from an application in a different domain. The browser compares the origins of resource request and returns an Access-Control-Allow-Origin error if the origins do not match.

CORS is relevant when your site or application attempts to access Sisense resources (e.g. images or videos) through the Sisense API from your site or application across origins. For example, your dashboard is embedded within an iFrame on your site and your site or application attempts to access resources in the iFrame or you make AJAX requests. To work around this limitation, your browser and server use HTTP headers to define which users can request resources from Sisense.

Sisense supports CORS so if you are building an application requesting resources from Sisense, all you need to do is send a POST request to allow CORS and define the domains from which cross-domain requests will be made.

Enabling CORS using the REST API

To enable CORS using the REST API:

  1. From the Sisense REST API, send a POST request to the settings/system API.


  2. If you have modified the first day of the week, you need to provide your new first day of the week as the value of “firstday” key.

  3. In the CORS object, set enabled to true.

  4. In the allowedOrigins array, enter every domain from which you might make a request to Sisense. Be sure to include the site's protocol and port..

        "webServer": {
           "cors": {
             "enabled": true,
             "allowedOrigins": [
  5. Click Run.

    Read more about the settings API here . Read more about CORS here .

Was this article helpful?

What's Next