Welcome to the new Box Support website. Check out all the details here on what’s changed.

Box-content-preview, how to allow all origins? (CORS Domains)

Answered
New post

Comments

6 comments

  • Dev360

    I created a support ticket, and it's not possible. 

     

    We'll use embedLink.

    0
    Comment actions Permalink
  • atriumdan

    You can use wildcards.

    0
    Comment actions Permalink
  • dwaites

    Do you have a link for docs on how the wildcards would work?

    0
    Comment actions Permalink
  • tonyjin

    Wildcards are only supported for subdomains I believe, e.g. https://*.foo.com. We're working on a different CORS solution that defaults to allowing all traffic, but don't have an ETA yet.

    0
    Comment actions Permalink
  • richardtallent

    Any news on this?

    I'm evaluating Box for an application for a client who uses Box, and we would need the ability to set the Access-Control-Allow-Origin: null to allow a local HTML file (not server-hosted) to make requests. I believe "*" would work as well, since we're sending tokens, not credentials.

    Local HTML applications may be unusual, but they are a low-cost, simple solution for a client who has a small team who need access a simple, cross-platform application (mixed Windows/Mac environment). They have no budget to deal with the red tape of getting web hosting approved through their own IT department, and they have the same issue if we were to try to create a traditional desktop app. But they do use Box, so Box would be a great place to load and store the data the app needs.

    0
    Comment actions Permalink
  • testerjoncloud

    Seconded. When is this feature going to be allowed?

    0
    Comment actions Permalink

Please sign in to leave a comment.