CORS Whitelist

Cross Origin Resource Sharing (CORS) allows different web applications to interact with one another through a web browser. Cityworks currently allows limited CORS support for some basic API requests. You can add sites to the whitelist to allow an exchange of information between a known site and your site. To prevent others from using CORS to potentially harm your site, add only those sites that you know are safe to the CORS Whitelist Sites panel. Cityworks denies any site that is not defined.

NOTE: The CORS whitelist only applies to API requests made through a web browser. API requests made outside of a browser (such as via a proxy) still works as before and the whitelist settings has no effect. All other API calls can be protected by adding whitelist values to the list to restrict API access.

NOTE: The Microsoft IIS CORS Module does not need to be installed for this page to work.