Chatter REST API Developer Guide
jNewer Version Available
Use CORS to Access Supported Salesforce APIs, Apex REST, and Lightning Out
Apex REST,
Bulk API, Chatter REST API, Lightning API, Lightning
Out, REST API, and Wave REST API support CORS
(cross-origin resource sharing). To access these APIs from JavaScript in a web browser, add the
origin serving the script to the CORS whitelist.
| Available in: Salesforce Classic and Lightning Experience |
| Available in: Developer, Enterprise, Performance, and Unlimited |
| User Permissions Needed | |
|---|---|
| To create, read, update, and delete: | Modify All Data |
CORS is a W3C recommendation that enables web browsers to request resources from origins other than their own (cross-origin request). For example, using CORS, a JavaScript script at https://www.example.com could request a resource from https://www.salesforce.com.
If a browser that supports CORS makes a request to an origin in the Salesforce CORS whitelist, Salesforce returns the origin in the Access-Control-Allow-Origin HTTP header, along with any additional CORS HTTP headers. If the origin is not included in the whitelist, Salesforce returns HTTP status code 403.
- From Setup, enter CORS in the Quick Find box, then select CORS.
- Select New.
-
Enter an origin URL pattern.
The origin URL pattern must include the HTTPS protocol (unless you’re using your localhost) and a domain name and can include a port. The wildcard character (*) is supported and must be in front of a second-level domain name. For example, https://*.example.com adds all subdomains of example.com to the whitelist.The origin URL pattern can be an IP address. However, an IP address and a domain that resolve to the same address are not the same origin, and you must add them to the CORS whitelist as separate entries.