Developer Documentation Library > Web API > Web API application > CORS (Cross-Origin Resource Sharing) in the Web API
 
CORS (Cross-Origin Resource Sharing) in the Web API
The Web API supports configuration of CORS policies for requests originating from JavaScript running in a browser. By default, the WebApi allows requests from all origins.
To restrict access to JavaScript hosted on the same server as the Web API, set the AllowAll property to False.
To restrict access to specific origins, set the AllowAll property to False, and then list the specific origins as properties under \Site\Properties\WebApi\Cors\AllowedOrigins.
See
Web API application