Access to Generic Inquiries Through OData: To Configure CORS

In MYOB Acumatica, cross-origin resource sharing (CORS) is used to allow access to OData endpoints for client-side applications. To enforce limitations on CORS requests, you change the CORS settings for the web server of your MYOB Acumatica instance.

CAUTION:

Because saving changes in web.config restarts the site of the application, make sure that all users of your website are warned about the site restart so that they can save all documents.

To Configure CORS

Open the web.config file, which is located in the folder that contains the application instance website.

In the file, find the cors section, shown below, within the odata section.

<px.core>
    ...
    <odata enableCompression="true" compressionThreshold="860">
        <cors enabled="true" origins="*" methods="*" headers="*" 
        exposedHeaders="DataServiceVersion,MaxDataServiceVersion,OData-Version,
        OData-MaxVersion" />
    </odata>
    ...
</px.core>

Specify the CORS settings in the cors section as follows:
- To enable CORS, set enabled="true".
- To disable CORS, set enabled="false".
- To limit the origins that are allowed access to the application web server, for the origins parameter, list the allowed origins separated by commas.
- To allow all origins, set origin="*".
- To limit the methods supported by the resource, for the methods parameter, list the allowed methods, separated by commas.
- To allow all methods, set methods="*".
- To limit simple headers supported by the resource, for the headers parameter, list the allowed simple headers separated by commas.
- To allow all simple headers, set headers="*".
- To add your own headers, for the exposedHeaders parameter after the default headers, list the allowed headers separated by commas.
Save the web.config file, which automatically restarts the website.