Content

Cross origin resource sharing (CORS)

When a browser is asked to get a piece of data from a resource on another domain the browser will take some security measures. First it will send an OPTIONS request to the resource and checks if the resource returns with an header called: Access-Control-Allow-Origin. This header should contain a value equal to the domain that the user is visiting on the browser. If these are not equal the browser will not send the actual request to the resource. These security measures protect the user from malicious resources that are being called by the website that is being visited.
More information about CORS can be found here.

Request CORS in Multivers Online

When you need to use the WebAPI within a javascript application you can send an email to the support department with a request to add the application to the CORS table.

Server Configuration

When you create a web application that uses the Multivers and Boekhoud Gemak WebAPI an error might occur within your javascript. The browser doesn't want you to call the WebAPI. But there is a solution. Enable CORS by setting the flag EnableCors in the web.config to true. Then open the SQL database.

The WebAPI makes use of a database table called WEBAPI_CORS. This table contains 2 columns. Origin and note. After you add a domain to the origin column the WebAPI will sent that domain within the Access-Control-Allow-Origin header when an options request is being made from a browser visiting that domain. The note table can be used for extra comments. The WebAPI does nothing with this value.