# Cross Origin Resource Sharing

> Cross Origin Resource Sharing. CORS allows for HTTP requests from one origin to another, despite a browser's Same-Origin policy, which prevents client-side web applications located in one domain from obtaining data from an application in a different domain. The browser compares the origins of resource request and returns an Access-Control-Allow-Origin error if the origins do not match.

*Source: https://docs.sisense.com/main/SisenseLinux/cross-origin-resource-sharing.htm*

---

Last updated: June 10, 2026

|  |  |
| --- | --- |
| [Tier](https://www.sisense.com/pricing/#pricing) | [Deployment](https://docs.sisense.com/main/SisenseLinux/introduction-to-sisense-cloud-managed-services.md#ComparisonofManagedCloudandSelfHosted) |
| Enterprise | Cloud     On-Prem |

CORS allows for HTTP requests from one origin to another, despite a browser's Same-Origin policy, which prevents
client-side web applications located in one domain from obtaining data from an application in a different domain.
The browser compares the origins of resource request and returns an Access-Control-Allow-Origin error if the origins
do not match.

CORS is relevant when your site or application attempts to access Sisense resources (e.g. images or videos) through
the Sisense API from your site or application across origins. For example, your dashboard is embedded within an
iFrame on your site and your site or application attempts to access resources in the iFrame or you make AJAX
requests. To work around this limitation, your browser and server use HTTP headers to define which users can request
resources from Sisense.

Sisense supports CORS, so if you are building an application requesting resources from Sisense, all you need to do is
send a POST request to allow CORS and define the domains from which cross-domain requests will be made.

Wildcards for CORS in Sisense, such as *\*.sisense.com*, are supported in Sisense versions L2023.7 and newer.

## Enabling CORS

### Enabling CORS via the UI

1. In the **Admin** tab, click **Security and Access** > **Security Settings**.

   ![CORS UI](https://docs.sisense.com/main/Resources/Images/CORS_UI.png)
2. Switch on the toggle for Cross Origin Resource Sharing (CORS).
3. In the CORS Allowed Origins field, enter every domain from which you might make a request to Sisense, and click **Add** after each domain.
4. Click **Save**.

### Enabling CORS using the REST API

To enable CORS using the REST API:

1. From the Sisense REST API, send a POST request to the **settings/system**API.

   ![8 7syssetthumb](https://docs.sisense.com/main/Resources/Images/8-7syssetthumb0300.png)
2. If you have modified the first day of the week, you need to provide your new first day of the week as the value
   of **firstday** key.
3. In the CORS object, set **enabled** to **true**.
4. In the allowedOrigins array, enter every domain from which you might make a request to Sisense. Be sure to
   include the site's protocol and port.

   ```
   {  
    "webServer": {  
     "cors": {  
      "enabled": true,  
      "allowedOrigins": [  
       "http://localhost",  
       "ionic://localhost"  
      ]  
     }  
    }  
   }     
   ```
5. Click **Run**.

   Read more about the API settings [here](http://developer.sisense.com/display/API2/REST+API+Reference+-+v0.9#RESTAPIReference-v0.9-Settings). Read more about CORS [here](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing).
