CORS allowlist

When you initiate a trigger from an external web page hosted outside the SnapLogic® domain, the browser enforces Cross-Origin Request Sharing (CORS) access control to secure cross-domain data access. Because of CORS restrictions, the request from outside the SnapLogic domain fails. However, if you configure the list of domains that can make cross-origin requests to the trigger, then those domains can access it. To configure this setting contact SnapLogic Support. Learn more about Cross-Origin Resource Sharing.

CORS settings do not apply to requests initiated from outside a browser. If an IP Address Allowlist is enabled, the IP address of the machine where the browser session is running must be part of the IP Address Allowlist. If this is not feasible, the workaround is to modify the settings such that the Triggered Task is invoked from a back-end server instead of the client side. In that case, only the back-end server needs to be allowed, and CORS do not apply because the Triggered Task request is not invoked from the browser.


Admin Manager Groundplex allowlist

Manage the CORS allowlist

The CORS domain is compared with the Origin in the header of the request and must be a valid regular expression. To add or remove the domain use the following options:
  • Specify the CORS domain URL preceded by either http:// or https://, to allow in the field and select Add domain.
  • The domain ranges are stored when you click Save provided at the bottom of the screen.
  • To remove a CORS domain, select the checkbox next to the domain and click Remove at the top of the list.