Whether you are working with Data-Driven Content objects in SAS Visual Analytics reports, creating a web page using the newly available SAS Visual Analytics SDK (available with SAS Visual Analytics 8.4), configuring an external proxy server for your SAS Viya environment or giving access to REST API's to external applications, you might get errors related to Cross-Origin Resource Sharing (CORS).
A few questions may come to mind:
This is what I will cover in this article.
Let's first describe what Cross-Origin Resource Sharing are used for.
Web browsers are enforcing HTTP requests to come from the same domain for security reasons. CORS is a mechanism implemented to tell the browser that it is fine to let a web site on domainA access resources on domainB. To allow this, the web server should send extra information in the HTTP header:
Now that you have a better understanding about what CORS is. You might wonder why it is important for SAS Visual Analytics. Here are some situations:
In these situations, you need to configure SAS Viya to send information in the HTTP header confirming it is fine if HTTP requests are coming from another domain.
The process is described on https://developer.sas.com/reference/cors/ but I will describe it here with screenshots.
Not all users can change the property. To change the value, the user needs to have Administrative privileges.
Select any image to see a larger version.
Mobile users: To view the images, select the "Full" version at the bottom of the page.
You can set it to * as indicated in the interface. Is it a good practice? I would say no as it would open access to any domain and basically turn off the CORS security. If you have an exhaustive list of domains that are allowed to access the web server, you should enter those domains separated by a comma. An example of how the value might look like:
https://mydomainA.com, https://mydomainB.com, https://mydomainC.com
If you want to allow all the machines on a specific domain, you can use wildcards like this:
*.sas.com
Now you know now how to configure CORS. And now your REST API's, Data-Driven Content objects and SAS Visual Analytics SDK requests from the different domains will be successful without error. There should be no need to change the CORS value unless you want to add or remove domains.
This configuration is not complex but it should be done properly to avoid giving access to too many machines. It is the administrator's responsibility to set the values properly. As Spiderman learned: "With great power comes great responsibility."
Are you ready for the spotlight? We're accepting content ideas for SAS Innovate 2025 to be held May 6-9 in Orlando, FL. The call is open until September 25. Read more here about why you should contribute and what is in it for you!
Data Literacy is for all, even absolute beginners. Jump on board with this free e-learning and boost your career prospects.