Enable CORS for an Organization

In GoodData you can enable cross-origin resource sharing (CORS) in an organization to get around the same-origin policy browser restrictions. With CORS enabled you can make GoodData resources, which are hosted on one domain, accessible to you from any other domain.

Note

Only users with permission to manage organizations can manage Cross-origin resource sharing.

User interface

API (Bash)

You can add multiple domains as allowed origins directly through the user interface in the Developer settings section:

On homepage, go to Developer settings.
In the Cross-origin resource sharing (CORS) section, click Manage.
The list of allowed origins opens.
Click + Add and type the URL.
Click Add and click Close.

To edit a domain in the allowed origins list, open the list of allowed origins and click the domain name and edit it.

To remove any domain from the allowed origins list, click the bin icon on the right.

To set allowed origins for an organization use the /api/v1/entities/admin/organizations/default API endpoint:

curl -v -X PATCH -H 'Content-type: application/vnd.gooddata.api+json' \
    -H "Authorization: Bearer <token>" \
    -d @organization.json $HOST_URL/api/v1/entities/admin/organizations/default

where organization.json contains

{
    "data": {
        "attributes": {
            "allowedOrigins": [
                "https://some.domain.com",
                "http://another.domain.com"
            ]
        },
        "id": "default",
        "type": "organization"
    }
}

Create an API Access Token

Enable CSP