Add a cross-origin request rule, which uses cross-origin resource sharing (CORS) to let a web server grant access to restricted resources, such as fonts, JavaScript, images, etc., to an application served by another domain without granting access to those resources beyond a list of predefined origin servers.
Before a CORS request is sent, the originating web server generally sends a
pre-flight OPTIONS
request if the request from the client includes
credentials. This pre-flight request is used to determine if the target server
permits CORS requests to be processed from the originating web server.
PingAccess can evaluate the headers provided in a CORS request to grant or deny access to resources.
In addition to allowing PingAccess to evaluate the CORS request, you can also
allow the request to be handled by the protected application, and let PingAccess
be excluded from the process of evaluating the access request, if the target
application type is API
. To do this with a resource path that
is protected by PingAccess and requires user authentication, configure a second
resource with the same path pattern, but set the Methods
field to OPTIONS
and the Anonymous
option needs to be cleared. This configuration allows the API request being made
to be handled anonymously.