CORS and iFrame

Catalyst Cloud Scale lets you configure the following two functionalities for your application from the console: CORS and iFrame.



Cross-Origin Resource Sharing (CORS) is a mechanism that instructs a browser to allow web applications running on one origin to access resources from a different origin.

Unless you specifically enable CORS, browsers prevent client-side scripts from accessing resources from a different origin by default. They do this by enforcing a security mechanism called the same-origin policy, which protects the resources. When a web application needs to access a resource on a different domain, it executes a cross-origin request that includes additional HTTP headers to inform the browser about it.

When you enable CORS for an external domain in your Catalyst application, browsers will process HTTP requests from that particular domain and pass them on to Catalyst servers. Catalyst will then allow access to the client and all the function endpoints of your application, and send appropriate responses back. Catalyst ensures secure data transfers through cross-origin requests by letting you specify and manage, in the console, the domains that are allowed to access the application endpoints.


Catalyst also enables you to easily allow your application to be incorporated as a widget in an external domain, similar to allowing CORS.

To load your application as a widget in a target website, you must code a script for it in your application’s source files. Once that’s done, you can embed your application as a widget on the target website by incorporating the widget script in the target’s code. If you choose to embed your application widget in the form of an iFrame, you can utilize Catalyst’s convenient functionality.

By default, browsers do not allow iFrame elements from one domain to be loaded in a different domain, as they violate standard content security policies, unless specific access is given. However, using Catalyst, you don’t need to build the logic involved in granting permissions to allow an external widget. You can easily enable the iFrame of your application widget for a domain in the console.

Catalyst servers will then handle the communication with the browsers. The server informs the browser of the configured domains in which your application widget can be incorporated.
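What per-domain allowlisting for CORS and iFrame looks like at the HTTP level, as an added example that is not Catalyst's own code: a server echoes `Access-Control-Allow-Origin` only for an exactly matching origin and lists the permitted embedding sites in a `Content-Security-Policy: frame-ancestors` header. The configuration object, domain names and function names are hypothetical.

```javascript
// Added illustration (not Catalyst code): per-domain CORS and iframe allowlists
// expressed as HTTP response headers. Domain and function names are hypothetical.

// Constructed sample configuration, standing in for domains entered in a console.
const config = {
  corsDomains: ["https://shop.example.com"],
  iframeDomains: ["https://portal.example.com", "https://partner.example.org"],
};

// Reduce a value to scheme://host[:port]; null unless it is a bare http(s) origin.
function normaliseOrigin(value) {
  try {
    const url = new URL(value);
    if (url.protocol !== "https:" && url.protocol !== "http:") return null;
    if (url.username || url.password) return null;
    if (url.pathname !== "/" || url.search || url.hash) return null;
    return url.origin;
  } catch {
    return null; // not a parseable URL, e.g. the literal Origin value "null"
  }
}

// CORS: decide per request, based on the Origin header the browser sent.
function corsHeaders(requestOrigin, cfg) {
  const origin = normaliseOrigin(requestOrigin);
  const allowed = new Set(cfg.corsDomains.map(normaliseOrigin));
  // Vary: Origin stops caches from reusing one origin's response for another.
  const headers = { Vary: "Origin" };
  if (origin !== null && allowed.has(origin)) {
    // Echo the exact matched origin: no "*" and no prefix or suffix matching.
    headers["Access-Control-Allow-Origin"] = origin;
  }
  return headers;
}

// iFrame: tell the browser which parent sites may embed this application.
function frameHeaders(cfg) {
  const sources = cfg.iframeDomains.map(normaliseOrigin).filter(Boolean);
  // With no configured domains, only same-origin framing remains allowed.
  const value = ["'self'", ...sources].join(" ");
  return { "Content-Security-Policy": `frame-ancestors ${value}` };
}
```

A look-alike origin such as `https://shop.example.com.evil.test` gets no `Access-Control-Allow-Origin` header because the comparison is on the whole normalised origin, not a substring.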

Last Updated 2023-10-10 12:15:08 +0530