This section describes how secure a Digizuite installation using CORS.
Recommendation
Digizuite is recommended to have CORS setup in order to avoid malicious requests.
Digizuite DAM Center
CORS can be enabled by editing Digizuite web.config and adding the following line under appSettings:
<add key="Access-Control-Allow-Origin" value="https://allowed_1.example.com https://allowed_2.example.com https://allowed_3.example.com" />
If the installation is running under a non standard port it should be specified as well
<add key="Access-Control-Allow-Origin" value="https://allowed_1.example.com:888 https://allowed_2.example.com:889 https://allowed_3.example.com:890" />
The recommended value should contain the URL of the Digizuite installation and the domains of the additional applications/integrations:
<add key="Access-Control-Allow-Origin" value="https://dc.digizuite.com https://mm.digizuite.com https://other-client-intergation-app.digizuite.com" />
Digizuite Core and Commenting Services
Edit the files DZ_INSTALL_PATH\Comment\appsettings.json and DZ_INSTALL_PATH\DigizuiteCore\appsettings.json and edit the following section
"CORS": { "AllowOrigins": [ ], "AllowCredentials": false }
to
"CORS": { "AllowOrigins": [ "http://allowed_1.example.com:4200", "https://allowed_2.example.com" ], "AllowCredentials": false }
It is extremely important to note that the origins should NOT end with a "/".
After editing the files, restart the DC site from IIS Manager.