CORS (Cross-Origin Resource Sharing) is a mechanism that lets a site intentionally share its data or other resources with a third-party website when there is a need. By default, browsers restrict access to resources that reside on a third-party site for security purposes. Although you may not notice it, the web pages you visit make frequent requests to load assets like images, fonts, and more, from many different places across the Internet. If these requests for assets go unchecked, the security of your browser may be at risk. For example, your browser may be subject to hijacking, or your browser might blindly download malicious code. As a result, many modern browsers follow security policies to mitigate such risks.

Here at Tribe, by default we don’t let other domains send frontend AJAX requests to our customer community’s API endpoints. This prevents third-party sites from identifying information about the logged-in user in the community. In some cases, our clients have a trusted domain (e.g. their product domain) and want to send API requests from its frontend to their community. In these cases, we’ll add the origin domain/address to the CORS whitelist. This means that the community will accept AJAX requests from that particular root address. This does not have any security implications since the origin is a trusted address and is controlled only by our customer.

In order to get an origin whitelisted, customers need to contact us at [email protected] and let us know what origin they want us to add to the CORS whitelist. Origin here refers to the root address that they want to send requests from. Please note that the origin should include the protocol and the port, for instance http://localhost:3000 or https://dev.test.com.
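To show why the protocol and port matter, here is an added example of an exact-match origin whitelist check. It is an illustration, not Tribe's own code: the function names, the credentialed-response header, and the whitelist contents (taken from the two sample origins above) are assumptions.

```javascript
// Added example: exact-match CORS origin whitelist (hypothetical, not Tribe's code).
// Constructed sample whitelist using the two origins the article gives as examples.
const ALLOWED_ORIGINS = new Set(['http://localhost:3000', 'https://dev.test.com']);

// Accept only a bare origin: protocol + host (+ port), nothing else.
// Returns the canonical origin string, or null when the value is not an origin.
function canonicalOrigin(value) {
  if (typeof value !== 'string') return null;
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return null; // e.g. "dev.test.com" with no protocol does not parse
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // Paths, queries, fragments and credentials are not part of an origin.
  if (url.username || url.password || url.search || url.hash) return null;
  if (url.pathname !== '/') return null;
  return url.origin; // lowercased; default ports 80/443 are dropped
}

// Build the CORS response headers for the Origin header of a request.
// The origin is compared as a whole string, never by prefix or suffix.
function corsHeadersFor(requestOrigin) {
  const headers = { Vary: 'Origin' }; // the response depends on the Origin header
  const origin = canonicalOrigin(requestOrigin);
  if (origin !== null && ALLOWED_ORIGINS.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
    // Assumption: the API is called with the logged-in user's cookies.
    headers['Access-Control-Allow-Credentials'] = 'true';
  }
  return headers;
}

// Constructed sample Origin values: only the first matches the whitelist.
for (const o of ['https://dev.test.com', 'http://dev.test.com',
                 'http://localhost:8080', 'https://dev.test.com.example.net']) {
  console.log(o, '->', corsHeadersFor(o)['Access-Control-Allow-Origin'] || 'blocked');
}
```

A different protocol, a different port, or a lookalike host name is a different origin, so each would need its own whitelist entry.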

Hope this helps!
