In PeopleTools 8.55, Cross-Orign Resource Sharing (CORS) is now supported. Don’t know what CORS allows? Here is a good primer on the topic.
The Same-Origin Policy restricts the browser from performing certain actions by scripts or documents based on the origin. The origin is everything in the URL before the path (for example, http://www.example.com). For certain actions, the browser will compare origins and, if they don’t match, won’t allow things to proceed. For example:
- A parent document can’t access the contents of an that comes from a different origin. This prevents a malicious site from opening up your bank’s website and stealing your credentials, as an example.
- While one document can send information to another via a form post, AJAX requests across origins are generally disallowed.
The Same-Origin Policy is a vital piece of web security architecture, but it also poses a problem. What happens when you want to allow a site with a different origin to access your content?
Here is a great example of where CORS support can benefit PeopleSoft. In Enterprise Learning Management, you can link to hosted web-based training. Often, that web-based training is on a different domain. With CORS support, you can add in remote sites in the Web Profile and display remote courses in your ELM environment.
To enable Cross-Origin sites, open your Web Profile. There is a new tab, Authorized Site, that lets you list many sites to support.