Milestone Logo
MIP SDK
Quickstart
XProtect licenses
Using Postman
CORS
Protocol, component or plug-in
APIs
Configuration
Events
Alarms
Control
Video, Audio & Metadata
Authentication
Access Control
Licensing
Status

Cross-Origin Resource Sharing (CORS)

The API Gateway can be configured to support Cross-Origin Resource Sharing (CORS). The following response headers are supported:

You can enable CORS by creating appsettings.production.json and adding the json shown below:

{
    ...,
    "CORS": {
        "Enabled": true,
        "Access-Control-Allow-Origin": "yourdomain1.com,yourdomain2.com",
        "Access-Control-Allow-Headers": "Content-Type",
        "Access-Control-Allow-Methods": "*"
    }
}
Only required response headers should be defined. Each response header can have multiple values, provided as a list of comma-separated values.

For development and test purposes, you can use a very permissive policy:

{
    ...,
    "CORS": {
        "Enabled": true,
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Headers": "*",
        "Access-Control-Allow-Methods": "*"
    }
}
For security reasons, we recommend to always specify the Access-Control-Allow-Origin value with explicit origins. Never use wildcard (*) or null in your origin as this can put the security of your system at risk.
Cookie Policy · © 2022 Milestone Systems A/S - All rights reserved · Privacy Policy