Configure CORS origins

Version: 10.4

Universal Tracker supports Cross-origin resource sharing (CORS) out of the box. By default, all origins are allowed. To configure which origins are allowed:

Use a Sitecore Host patch file to update the AllowedOrigins settings in the sitecorehost.xml configuration file. For example:

RequestResponse

<Sitecore>
    <Sitecore.Tracking.Web.Collection>
        <AllowedOrigins>https://example.origin1.net,https://example.origin2.net</AllowedOrigins>
    </Sitecore.Tracking.Web.Collection>
</Sitecore>

To allow all origins, set AllowedOrigins to *. To deny all origins, set AllowedOrigins to Null.

Note

Calls from the site where you have deployed Universal Tracker are always allowed, even if you set AllowedOrigins to Null.

Do you have some feedback for us?

If you have suggestions for improving this article,