CloudSign provides support for CORS to make it easier to also use Web API from JavaScript.
CORS Origin settings
1.Log into CloudSign and access your team.
2.An input field for the CORS Origin URL is available, so enter details into the web app URL scheme and host name fields that use the CloudSign Web API. (E.g.: https://origin.example.com)
Behavior when running the Web API
When JavaScript is used to access the CloudSign Web API spanning domains, browsers automatically append the following header.
Origin: https://origin.example.com
When the CloudSign Web API checks the details of the Authorization
header, it also checks the details of the Origin
header. When doing so, the Origin
header responds with a value, and if it is the same as the value specified in 2., the request is processed normally.
If the value specified for the Origin
header differs to that specified in 2., it returns a HTTP 400 bad response status.
Precautions
Each API can be used with the access token obtained from the CloudSign Web API.Each API supports CORS, however from a security perspective, obtaining an access token does not ensure CORS-compatibility.
Reference
CORS is an abbreviation of Cross-Origin Resource Sharing that was developed to allow browsers to access resources (images, style sheets, JSON, etc.) that exist on domains outside the site actually being accessed.Please see Cross-Origin Resource Sharing for more details.