When you initiate a trigger from an external web page hosted outside the SnapLogic® domain, the browser enforces Cross-Origin Request Sharing (CORS) access control to secure cross-domain data access. Because of CORS restrictions, the request from outside the SnapLogic domain fails. However, if you configure the list of domains that can make cross-origin requests to the trigger, then those domains can access it. To configure this setting contact SnapLogic Support. Learn more about Cross-Origin Resource Sharing.
CORS settings do not apply to requests initiated from outside a browser. If an IP Address Allowlist is enabled, the IP address of the machine where the browser session is running must be part of the IP Address Allowlist. If this is not feasible, the workaround is to modify the settings such that the Triggered Task is invoked from a back-end server instead of the client side. In that case, only the back-end server needs to be allowed, and CORS do not apply because the Triggered Task request is not invoked from the browser.
Manage the CORS allowlist
- Specify the CORS domain URL preceded by either http:// or https://, to allow in the field and select Add domain.
- The domain ranges are stored when you click Save provided at the bottom of the screen.
- To remove a CORS domain, select the checkbox next to the domain and click Remove at the top of the list.