Set up CORS

The page describes instruction for setting CORS.

What is CORS?

CORS (Cross-Origin Resource Sharing) is a web browser security feature that restricts cross-origin HTTP requests. When a web page tries to make a request to a server on a different domain, the browser sends an HTTP request with an "Origin" header indicating the domain that the request is coming from. The server can then use this header to decide whether to allow the request or not.

For more information about CORS, please follow: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.

What is IP whitelisting?

Whitelisting can be used to improve security by ensuring that only approved users or devices have access to sensitive data or systems.

Add header in general

To allow Printlean to make requests to your site server, you need to configure your server to include an "Access-Control-Allow-Origin" header in the response to Printlean's request. This header should contain the domain name of Printlean site: "https://printlean.com".

To enable permission to access for PrintLean your site you should follow steps:

  1. Add the "Access-Control-Allow-Origin" header to your server's response to PrintLean requests.

Access-Control-Allow-Origin: https://printlean.com

  1. To ensure that your server is returning the correct header, check the network tab in your browser's developer tools. If the "Access-Control-Allow-Origin" header is present with "https://printlean.com" , you have successfully configured your server.

  1. Add Printlean's IP address (195.201.22.65) to your whitelist so that Printlean can sends requests multiple times per day.

Technology

The process of configuring CORS will vary depending on the technology used to build your site. For more detailed instructions for your technology, please, visit this link: https://enable-cors.org/server.html.

CORS on Nginx

The following Nginx configuration enables CORS, with support for preflight requests.

location / {
     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' 'https://printlean.com';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain; charset=utf-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' 'https://printlean.com' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
     }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' 'https://printlean.com' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
     }
}

CORS on APAChe

To add the CORS authorization to the header using Apache:

  1. Add the following line inside either the <Directory>, <Location>, <Files> or <VirtualHost> sections of your server config (usually located in a *.conf file, such as httpd.conf or apache.conf), or within a .htaccess file:

<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin "https://printlean.com"
</IfModule>

  1. Ensure that your changes are correct:

use apachectl -t to check your configuration changes for errors.

reload Apache to make sure your changes are applied by running the command sudo service apache2 reload or apachectl -k graceful.

PreviousGetting startedNextExplore the interface (Partner Site)

Last updated