Enabling CORS for a Web Service

To incorporate resources from a different origin into your web application, configure CORS for the server hosting those resources.

  1. Refer to the web service documentation or contact the web service administrator to verify if the web service allows cross-origin requests using CORS.
    Note The target web service must enable cross-origin requests to allow HTTP requests from a WebVI executing in the development environment. Refer to Hosting a Web Application During Development for more information.
  2. Determine whether the web service requires credentialed CORS requests.
    If the web service requires credentialed requests, refer to Sending a Credentialed Cross-Origin HTTP Request to configure your application to send credentialed requests.
  3. Ensure the web service administrator includes an Access-Control-Allow-Origin header in HTTP responses to enable cross-origin HTTP requests to the web service.

    • For non-credentialed simple CORS requests, set the Access-Control-Allow-Origin header to one of the following values:

      • The wildcard value (*) that allows any origin to access a resource. NI recommends using this value only during the development of your application.
      • The origin of the web application performing the HTTP request.

    • For credentialed simple requests, ensure the web service includes the following header values in responses to the web application:

      • Access-Control-Allow-Origin header set to the origin of the web application performing the HTTP request.
      • Access-Control-Allow-Credentials header set to True.
Refer to the Mozilla Developer Network documentation on HTTP access control for additional information on advanced CORS configurations, including:
  • Responding to a CORS preflight request during a non-simple CORS request
  • Handling headers for browser caches
  • Accepting additional request headers from a browser
  • Allowing the browser to have access to additional response headers