Use CORS for resource sharing in Azure Data Manager for Energy
This article helps you, as a user of Azure Data Manager for Energy, set up CORS policies.
What is CORS?
CORS (Cross-Origin Resource Sharing) is an HTTP feature that enables a web application running under one domain to access resources in another domain. To reduce the possibility of cross-site scripting attacks, all modern web browsers implement a security restriction known as the same-origin policy, which prevents a web page from calling APIs in a different domain. CORS provides a secure way to allow one origin (the origin domain) to call APIs in another origin. You can set CORS rules for each Azure Data Manager for Energy instance. When you set CORS rules for the instance, they're applied automatically across all the services and storage accounts linked with your Azure Data Manager for Energy resource. Once you set the CORS rules, a properly authorized request made against the service from a different domain is evaluated to determine whether it's allowed according to the rules you've specified.
Enabling CORS on an Azure Data Manager for Energy instance
Create an Azure Data Manager for Energy instance.
In the Resource Sharing (CORS) tab, select Allowed Origins.
To explicitly allow all origins, add * (wildcard) as an allowed origin.
If no setting is enabled on the CORS page, the policy defaults to the wildcard (*), which allows all origins.
The other CORS policy values, such as Allowed Methods, Allowed Headers, Exposed Headers, and Max age in seconds, are set to the default values displayed on the screen.
Next, select "Review+Create" after completing the other tabs.
Select the "Create" button.
An Azure Data Manager for Energy instance is created with the CORS policy.
Once the instance is created, you can view the CORS policy on the instance overview page.
How are CORS rules evaluated?
CORS rules are evaluated as follows:
- First, the origin domain of the request is checked against the domains listed for the AllowedOrigins element.
- Rules evaluation proceeds if the origin domain is included in the list or all domains are allowed with the wildcard character (*). If the origin domain isn't included, the request fails.
Limitations on CORS policy
The following limitations apply to CORS rules:
- You can specify up to five CORS rules per instance.
- The maximum size of all CORS rules settings on the request, excluding XML tags, shouldn't exceed 2 KiB.
- The length of allowed origin shouldn't exceed 256 characters.
- Once set up during provisioning, the CORS policy can be modified only through a Support request.
- To learn more about CORS
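Because the policy defaults to allow-all when left empty and can be changed after provisioning only through a Support request, it is worth reviewing the allowed-origins list before creating the instance. The following is an added example, not Microsoft's code: it checks a list against the wildcard default and the 256-character limit described above and mirrors the origin evaluation. The function names, the sample origins, and the exact-string comparison of origins are assumptions.

```python
from urllib.parse import urlsplit

MAX_ORIGIN_LENGTH = 256  # per-origin limit stated on this page

# Constructed sample list for illustration.
SAMPLE_ORIGINS = ["https://portal.example.com", "https://viewer.example.com:8443"]


def effective_origins(configured):
    """Policy actually in effect: an empty setting defaults to the wildcard."""
    cleaned = [o.strip() for o in configured if o.strip()]
    return cleaned or ["*"]


def is_origin_allowed(request_origin, configured):
    """Wildcard or a listed origin passes; anything else fails.
    Assumption: listed origins are compared as exact strings."""
    allowed = effective_origins(configured)
    return "*" in allowed or request_origin in allowed


def review_origins(configured):
    """Return findings to resolve before the instance is provisioned."""
    cleaned = [o.strip() for o in configured if o.strip()]
    if not cleaned:
        return ["empty list: defaults to '*' (allow all)"]
    findings = []
    for origin in cleaned:
        if origin == "*":
            findings.append("'*': every origin is allowed")
            continue
        if len(origin) > MAX_ORIGIN_LENGTH:
            findings.append(f"{origin[:40]}...: longer than {MAX_ORIGIN_LENGTH} characters")
        parts = urlsplit(origin)
        # A browser's Origin header is scheme://host[:port] with no path, so an
        # entry with a trailing slash or path cannot match under exact comparison.
        if (parts.scheme not in ("http", "https") or not parts.netloc
                or parts.path or parts.query or parts.fragment):
            findings.append(f"{origin[:40]}: not in scheme://host[:port] form")
    return findings


if __name__ == "__main__":
    for finding in review_origins(SAMPLE_ORIGINS + ["https://portal.example.com/", "*"]):
        print("REVIEW:", finding)
    print(is_origin_allowed("https://other.example", SAMPLE_ORIGINS))
```

An empty result from `review_origins` means the list is explicit, within the length limit, and in the form a browser sends.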