CORS Protocol Support

Add the CORS (cross-origin resource sharing) Support behavior to the property that contains the protected resource you're calling from another domain.

Why you need it

If you use Bot Manager Premier's inline telemetry feature to cover cross-domain requests, you can add the CORS Protocol Support behavior to the property that contains the protected resource you're calling.

How it works

Add this behavior to the property that contains the protected resource that requests call from another domain.

Note: This behavior requires allowing requests that use the OPTIONS method. See the Allow OPTIONS behavior.

Implementation

How you set up CORS Support behavior depends on whether requests originate from the same domain or a different domain, and whether protected requests are HTML form submissions.

| Request origin | Behavior setup |
| --- | --- |
| Same-domain HTML form submissions | Add the behavior with no setting changes. |
| Cross-domain HTML form submissions | Add the behavior with no setting changes. |
| Same-domain non-HTML form submissions (AJAX requests) | Set up CORS Support in the behavior to allow credentials. |
| Cross-domain non-HTML form submissions (AJAX requests) | Set up CORS Support in the behavior to allow the Akamai-BM-Telemetry header. Allowing credentials is not necessary. |

For more details, read about this behavior in the Bot Manager Help.

Features and options

| Field | What it does | Sub-options |
| --- | --- | --- |
| Enabled | Enables or disables this behavior. | N/A |
| Allow Origins | Choose whether to accept requests from any hostname or specific hostnames. | Any, Specified |
| Origins | With Allow Origins set to Specified, displays a list of the specified hostnames to accept requests from. | N/A |
| Allow Credentials | Accepts requests with credentials. Turn on for same-domain non-HTML form submissions (AJAX requests). | N/A |
| Allow Headers | Choose whether to allow any headers or only specific headers when making the request. Turn on for cross-domain non-HTML form submissions (AJAX requests) and select Specified. Then in Headers, enter BM-Telemetry. | Any, Specified |
| Headers | With Allow Headers set to Specified, select a specified header. | N/A |
| Methods | Specifies any combination of the following methods that are allowed when accessing the resource from an external domain: DELETE, GET, PATCH, POST, and PUT. | N/A |
| Expose Headers | Lists the names of headers that clients can access. This feature supports variable expression syntax. Type {{ in the option field to trigger variable auto-complete. | N/A |
| Preflight Max Age | The number of seconds that the browser should cache the response to a preflight request. | N/A |
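To verify a cross-domain AJAX setup, the sketch below applies the standard CORS preflight rules to a response, as an added example that is not Akamai's code. The function name, the origin shop.example.com and the response header values are constructed for illustration; the telemetry header name is the one given in the Implementation section.

```javascript
// Added example: models the browser's CORS preflight check (Fetch standard rules).
// Header values below are constructed samples, not captured Akamai output.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// Split a comma-separated header value into trimmed tokens.
const list = (value) => (value || "").split(",").map((t) => t.trim()).filter(Boolean);

// res: preflight response headers; req: what the page's script intends to send,
// { origin, method, headers: [non-safelisted header names], credentials: boolean }.
function checkPreflight(res, req) {
  const h = {};
  for (const [k, v] of Object.entries(res)) h[k.toLowerCase()] = v;

  const acao = h["access-control-allow-origin"];
  // "*" is only honoured when the request carries no credentials.
  if (!(acao === req.origin || (acao === "*" && !req.credentials)))
    return { ok: false, reason: "origin not allowed" };
  if (req.credentials && h["access-control-allow-credentials"] !== "true")
    return { ok: false, reason: "credentials not allowed" };

  // Method names are matched case-sensitively; GET, HEAD and POST need no listing.
  const methods = list(h["access-control-allow-methods"]);
  const methodOk = SAFELISTED_METHODS.has(req.method) || methods.includes(req.method) ||
    (methods.includes("*") && !req.credentials);
  if (!methodOk) return { ok: false, reason: "method not allowed" };

  const allowed = list(h["access-control-allow-headers"]).map((t) => t.toLowerCase());
  for (const name of req.headers) {
    const n = name.toLowerCase();
    // A wildcard never covers Authorization and is ignored for credentialed requests.
    const wildcard = allowed.includes("*") && !req.credentials && n !== "authorization";
    if (!allowed.includes(n) && !wildcard)
      return { ok: false, reason: `header not allowed: ${name}` };
  }
  return { ok: true, reason: "preflight passes" };
}

// Constructed preflight response for a cross-domain AJAX setup (Allow Headers: Specified).
const sampleResponse = {
  "Access-Control-Allow-Origin": "https://shop.example.com",
  "Access-Control-Allow-Methods": "GET, POST, PUT",
  "Access-Control-Allow-Headers": "Akamai-BM-Telemetry",
  "Access-Control-Max-Age": "600",
};
const sampleRequest = {
  origin: "https://shop.example.com", method: "POST",
  headers: ["Akamai-BM-Telemetry"], credentials: false,
};
console.log(checkPreflight(sampleResponse, sampleRequest));
```

The check covers only the allow-list headers; it does not model the preflight response status or caching.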

Common Media Client Data & AMD

Are you using Adaptive Media Delivery (AMD) to deliver your content and want to support Common Media Client Data (CMCD) with your media player? If so, you'll need to set up the CORS Protocol Support behavior to support it. Have a look at Common Media Client Data & AMD for full details.