# Authorized Domains -------------------------------------------------------------------------------- title: "Introduction" description: "Custom User Validation allows you validate user sign ups using custom logic" last_updated: "2026-03-18T07:41:08.534Z" source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/whitelisting/authorized-domains/introduction/" service: "Cloud Scale" -------------------------------------------------------------------------------- # CORS and iFrame Catalyst Cloud Scale provides you the convenience of easily configuring the following two functionalities for your application from the console: <br /> ### CORS {{%bold%}}Cross-Origin Resource Sharing{{%/bold%}} (CORS) is a mechanism that instructs a browser to allow web applications running on one origin to access resources from a different origin. Unless you specifically enable CORS, browsers prevent client-side scripts from accessing resources from a different origin by default. This is done by implementing a security mechanism called a same-origin policy, to protect the resources. When a web application requires a resource on a different domain to be accessed, it will execute a cross-origin request by including additional HTTP headers in the request, to inform the browser about it. When you enable CORS for an external domain in your Catalyst application, browsers will process HTTP requests from that particular domain and pass it on to Catalyst servers. Catalyst will then allow access to the client and all the function endpoints of your application, and send appropriate responses back. Catalyst ensures secure data transfers through cross-origin requests, by enabling you to specify and manage the domains that can be allowed to access the application endpoints in the console. ### iFrame Catalyst also enables you to easily allow your application to be incorporated as a widget in an external domain, similar to allowing CORS. To load your application as a widget in a target website, you must code a script for it in your application's source files. Once that's done, you can embed your application as a widget on the target website by incorporating the widget script in the target's code. If you choose to embed your application widget in the form of an iFrame, you can utilize Catalyst's convenient functionality. By default, browsers do not allow iFrame elements from one domain to be loaded in a different domain, as they violate standard content security policies, unless specific access is given. However, using Catalyst, you don't need to build the logic involved in granting permissions to allow an external widget. You can easily enable the iFrame of your application widget for a domain in the console. Catalyst servers will then handle the communication with the browsers. The server informs the browser about the configured domains that can allow your application widget to be incorporated in them. -------------------------------------------------------------------------------- title: "Implementation" description: "Custom User Validation allows you validate user sign ups using custom logic" last_updated: "2026-03-18T07:41:08.534Z" source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/whitelisting/authorized-domains/implementation/" service: "Cloud Scale" -------------------------------------------------------------------------------- # Implementation To access the {{%italics%}}Whitelisting{{%/italics%}} section you have to configure at least one of the {{%link href="/en/cloud-scale/help/authentication/authentication-types/" %}}authentication types{{%/link%}}: {{%link href="/en/cloud-scale/help/authentication/native-catalyst-authentication/hosted-authentication-type/introduction/" %}}Hosted{{%/link%}}, {{%link href="/en/cloud-scale/help/authentication/native-catalyst-authentication/embedded-authentication/introduction/" %}}Embedded{{%/link%}}, or {{%link href="/en/cloud-scale/help/authentication/third-party-authentication/introduction/" %}}Third-party{{%/link%}}. You can access *Authorized Domains* in the whitelisting section any time by navigating to **Cloud Scale > Authentication** in the console, and clicking the **Whitelisting** option. <br /> You can also access {{%italics%}}Authorized Domains{{%/italics%}} in the *Additional Settings* section during the last step of all the authentication setups. <br /> ### To Enable CORS and iFrame Similar to {{%link href="/en/cloud-scale/help/authentication/whitelisting/custom-user-validation/implementation/" %}}Custom User Validation{{%/link%}}, Authorized Domains is also disabled by default. To authorize domains and enable CORS and iFrame access: 1. Click **Add Domain** under the *Authorized Domain* section. <br /> 2. Enter the name of the domain name, and authorize the domain to have CORS and or iFrame access by enabling the respective options, as per your preference. <br /> 3. Click **Configure** to complete set up. The authorized domain along with the enabled status of CORS and iFrame access to your application will be displayed. <br /> You can authorize and add more domains by clicking **Add Domain** and repeating the above mentioned steps. <br /> ### To Modify Domain Name or Update CORS and iFrame Access to Your Application You can modify a domain name or reconfigure its CORS and iFrame access to your application in the following way: 1. Click the **ellipsis icon** next to the domain you wish to change, and click **Edit**. <br /> 2. You can update the domain name, and enable or disable CORS and iFrame access as per your preference in the pop-up window. Click **Update** to confirm the update. <br /> You can now view the updated information of the domain in the **Authorized Domains** section. <br /> ### To Delete an Authorized Domain You can permanently delete a domain that you authorized in the following way: 1. Click the **ellipsis icon** next to the domain you wish to delete, and click **Delete**. <br /> 2. Click **Yes, Proceed** in the confirmation pop-up. <br /> The domain will be deleted. <br />