function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Callie TomlinsonCallie Tomlinson 

Whitelisting an origin for CORS in salesforce.

No matter which domain I pass in, I cannot get it to work. How do I whitelist a domain for CORS in salesforce?
Best Answer chosen by Callie Tomlinson
jigarshahjigarshah
Callie,

You can whitelist domains for CORS by navigating to Setup > Security > CORS > New. Provide the url of the domain to be whitelisted in the following format - https://*.example.com and then click Save. This should help you whitelist the domain. Refer the snapshot below.
CORS Setting within Salesforce

CORS basically means Cross Object Resource Sharing and is a security norm enforced, that permits Javascript running on a remote server only from whitelisted endpoints through CORS to communicate with Salesforce. Refer the following article on how to Use CORS to Access Supported Salesforce APIs, Apex REST, and Lightning Out (https://help.salesforce.com/articleView?id=extend_code_cors.htm&type=0) to get a better understanding around the same.

Please mark the thread as SOLVED and answer as the BEST ANSWER if it helps address your issue.

All Answers

jigarshahjigarshah
Callie,

You can whitelist domains for CORS by navigating to Setup > Security > CORS > New. Provide the url of the domain to be whitelisted in the following format - https://*.example.com and then click Save. This should help you whitelist the domain. Refer the snapshot below.
CORS Setting within Salesforce

CORS basically means Cross Object Resource Sharing and is a security norm enforced, that permits Javascript running on a remote server only from whitelisted endpoints through CORS to communicate with Salesforce. Refer the following article on how to Use CORS to Access Supported Salesforce APIs, Apex REST, and Lightning Out (https://help.salesforce.com/articleView?id=extend_code_cors.htm&type=0) to get a better understanding around the same.

Please mark the thread as SOLVED and answer as the BEST ANSWER if it helps address your issue.
This was selected as the best answer
Callie TomlinsonCallie Tomlinson
AWESOME! However, I am a little confused on which origin to add. Do I add the URL of the web app that I created, that is trying to call the salesforce API?
jigarshahjigarshah
Yes that is correct.
Callie TomlinsonCallie Tomlinson
That still does not seem to work :/
Callie TomlinsonCallie Tomlinson
Is there anything I need to do after saving?
 
jigarshahjigarshah
Nope not that I am specifically aware of. But I will check and let you know.
Callie TomlinsonCallie Tomlinson
I may know the answer, will it work with a static site subdomain? its something like MYAPP/herokuapp.com/index.html#intro 
I used a php file in order to be able to deploy my static site to heroku (thought it would fix the CORS issue) and I still have not built the backend yet. So I cannot set specifc routes. I am wondering if i cannot read the subdomain?
jigarshahjigarshah
You can also use a wildcard character "*" in the url to be whitelisted for CORS. That could help.
Roy J 6Roy J 6
i tired @jugarshah still i am getting same CORS origin error,i am using localhost 
Juan Pablo JPG GarciaJuan Pablo JPG Garcia
Hello. @jigarshah is it possible to do that inside a community? I mean can you whilelist domains for CORS on communities?