CORS (Cross-Origin Resource Sharing) is a mechanism by which a website can intentionally share data or other resources with a third-party website when there is a need.

Generally, browsers restrict access to resources that reside on a third-party site for security purposes. Although you may not notice it, the web pages you visit make frequent requests to load assets like images, fonts, and more, from many different places across the Internet. If these requests for assets go unchecked, the security of your browser may be at risk.

For example, your browser may be subject to hijacking, or your browser might blindly download malicious code. As a result, many modern browsers follow security policies to mitigate such risks.

At Tribe, by default we don’t allow other domains to send frontend AJAX requests to our customer community’s API endpoints. This prevents third-party sites from identifying information about authenticated users in your community. In some cases, our customers have a trusted domain (e.g. their company or product domain) and they want to send API requests from the frontend to their community on Tribe.

In these cases, Tribe will add the origin domain/address to a CORS whitelist. This means that the community will accept AJAX requests from that particular root address. This does not have any security implications since the origin is a trusted address and is controlled only by our customer.

To get an origin whitelisted, customers need to contact us at [email protected] and let us know which origin they want Tribe to add to the CORS whitelist. The "origin" refers to the root address that the customer wants to send requests from. Please note that the origin should include both the "protocol" and the "port". For instance, http://localhost:3000 or https://dev.test.com.
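The sketch below shows why the origin has to be given with its protocol and port: an allowlist check compares the browser's Origin header against each entry as an exact string. It is an added example, not Tribe's implementation; the function names and the rejected sample origins are hypothetical and constructed for illustration.

```javascript
// Added example: exact-match CORS origin allowlist (not Tribe's code).
// An origin is scheme + host + port; nothing else may appear in an entry.
function normalizeOrigin(entry) {
  let url;
  try {
    url = new URL(entry);
  } catch {
    return null; // e.g. "dev.test.com": no protocol, so not an origin
  }
  // "localhost:3000" parses with scheme "localhost:", so it is rejected here.
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  if (url.username || url.password) return null;
  // A root address only: no path, query string or fragment.
  if (url.pathname !== "/" || url.search || url.hash) return null;
  return url.origin; // serialization drops default ports (80 / 443)
}

// Validate every entry up front so a malformed request fails loudly.
function buildAllowlist(entries) {
  const allowed = new Set();
  for (const entry of entries) {
    const origin = normalizeOrigin(entry);
    if (origin === null) throw new Error(`not a valid origin: ${entry}`);
    allowed.add(origin);
  }
  return allowed;
}

// Returns the CORS response headers for an allowed origin, or null.
// Exact string match: no prefix, suffix or wildcard comparison.
function corsHeadersFor(requestOrigin, allowed) {
  if (typeof requestOrigin !== "string" || !allowed.has(requestOrigin)) {
    return null; // send no Access-Control-Allow-Origin header at all
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Vary": "Origin", // keeps caches from reusing one origin's response
  };
}

// The two example origins from the paragraph above.
const ALLOWED = buildAllowlist(["http://localhost:3000", "https://dev.test.com"]);
```

With this allowlist, http://localhost:3001 and http://dev.test.com are both refused, because a different port or protocol makes a different origin.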

Got any questions? Send us a message at [email protected], or use the bottom right hand corner widget to start a conversation!
