Cross-Origin Resource Sharing (CORS)

While the Cloud Elements UI utilizes browser-based cross-origin resource sharing (CORS) protections, those protections are bypassed if you make calls to any of our APIs which include /api-v2. Because the Cloud Elements APIs do not offer any inherent CORS protection, users and developers are responsible for the management of any necessary CORS-related protections. As always, we strongly recommend you implement any relevant best practices to ensure security for your account, resources, etc.

Things to Know

Any calls made to the Cloud Elements API server (any calls to our server including /api-v2, regardless of environment) will not return the Access-Control-Allow-* headers associated with the response header, regardless of whether the client sends the header or not.

When the HTTP request provides the Origin header and the origin is safelisted from a CORS perspective by the API, return any Access-Control-* headers with the Origin header's value. This is an instance of same origin policy (SOP); see Additional Information for more.

Resolving CORS Issues

Issues or errors regarding CORS are likely being caused by the connecting application, not Cloud Elements. To identify and resolve these errors, check that the application you are attempting to connect with is configured to allow communication outside of its own domain.

Additional Information

To learn more about implementing best practices for CORS protection or related information, contact Customer Success or see the following documentation: