Box-content-preview, how to allow all origins? (CORS Domains)
Answered
We are currently migrating from Crocodoc to the new Box View (using the box-content-preview lib). We are having some problems with the CORS domains of the app.
Problem 1: the field "CORS domains" does not save properly if we try to save it with an empty value. As seen on the screenshot, a "Successfully updated the app." popup appears, yet if I reload the page the urls previously saved are still there.
Problem 2: our customers can use a white-label version of our platform with a custom url, therefore we cannot list all the allowed origins. How do we allow all origins?
-
Any news on this?
I'm evaluating Box for an application for a client who uses Box, and we would need the ability to set the Access-Control-Allow-Origin: null to allow a local HTML file (not server-hosted) to make requests. I believe "*" would work as well, since we're sending tokens, not credentials.
Local HTML applications may be unusual, but they are a low-cost, simple solution for a client who has a small team who need access a simple, cross-platform application (mixed Windows/Mac environment). They have no budget to deal with the red tape of getting web hosting approved through their own IT department, and they have the same issue if we were to try to create a traditional desktop app. But they do use Box, so Box would be a great place to load and store the data the app needs.
Please sign in to leave a comment.
Comments
6 comments