Question5Replies161Views Avinash.Haridasu Member since 2014 260 posts Morgan Stanley Posted: 1 year agoLast activity: 1 year 1 month ago Closed Purpose of Cross Origin Resource Sharing (CORS) rule in Pega 7.2.1Whats the purpose of CORS rule and where exactly do we refer this rule..I'm asking about the rule from which we refer this CORS rule. Low-Code App Development ×Close popoverFacebookTwitterLinkedinEmail Copy Link Copied! Moderation Team has archived post This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question. Posted: 1 year agoAvinash.Haridasu Morgan Stanley replied to Avinash.HaridasuTypo: Pega version 8.2.1 Posted: 1 year agopedel PEGA replied to Avinash.HaridasuThere is plenty of information about CORS on the Internet, e.g., https://en.wikipedia.org/wiki/Cross-origin_resource_sharing Regarding Pega, see: https://community.pega.com/sites/default/files/help_v82/procomhelpmain.htm#security/CORS-policies/sec-create-CORS-policy-tsk.htm FYI: Further enhancements have been made to CORS in 8.3 which is getting closer to GA. Posted: 1 year agoAvinash.Haridasu Morgan Stanley replied to Avinash.HaridasuThanks Lee. The links really helped. However, i'm still unable to figure out where exactly these CORS rules needs to be referred in the application. Below is the statement from the help link you shared: "After you create a CORS policy, you must map the CORS policy to an endpoint to determine where the policy is applied." In which rule Connect REST/Service REST? where exactly we refer this rule Posted: 1 year agoVinayReddy7 Serendebyte replied to Avinash.HaridasuDesigner Studio-->Integration-->Services-->EndPoint CORS Policy Mapping. Here you need to add your endpoint and the CORS policy which you create/created. Posted: 1 year agopedel PEGA replied to Avinash.HaridasuSecurity policies are either System-wide or Application-wide, Examples: Security Policy (password length, etc.) Content Security Policy Cross Origin Resource Sharing (CORS) Attribute Based Access Control (ABAC) have Access Control Policy rules. Role Based Access Control (RBAC) have Rule-Access-Role-Obj (RARO) rules. You do not configure an Access Control Policy or a RARO against individual rules. They are rules that Pega references to enforce security as you have defined it for an Application.