Skip to main content

0 questions
0 posts

Do you have questions about CORS?

Log in to ask questions about CORS publicly or anonymously.

Hi Eddie,

CORS (Cross-Origin Resource Sharing) is a mechanism by which data or any other resource of a site could be shared intentionally to a third party website when there is a need. Generally, access to resources that are residing in a third party site is restricted by the browser clients for security purposes. Although you may not notice it, the web pages you visit make frequent requests to load assets like images, fonts, and more, from many different places across the Internet. If these requests for assets go unchecked, the security of your browser may be at risk. For example, your browser may be subject to hijacking, or your browser might blindly download malicious code. As a result, many modern browsers follow security policies to mitigate such risks.

Here at Tribe, By default we don’t let other domains to send frontend AJAX requests to our customer community’s API endpoints. This will prevent third party sites to identify information about the logged in user in the community. In some cases, our clients have a trusted domain (e.g. their product domain) and they want to send API requests from frontend to their community. In these cases, we’ll add the origin domain/address to CORS whitelist. This means that the community will accept AJAX requests from that particular root address. This does not have any security implications since the origin is a trusted address and is controlled only by our customer.

In order to get an origin whitelisted, Customers need to contact us... (More)

Co-founder at Tribe

Currently, the only way to whitelist an origin for CORS is to contact dev@tribe.so39 with the origin that you want.

Please note that the origin should include the protocol and the port. For instance http://localhost:300054 or https://dev.test.com67.

If we see lots of people requesting to whitelist their CORS we're going to add it to the admin UI.