CorsWhitelistEntry

Cross-Origin Resource Sharing (CORS) enables web browsers to request resources from origins other than their own (cross-origin). For example, using CORS, JavaScript code at https://www.example.com could request a resource from https://www.salesforce.com. To access supported Salesforce APIs, Apex REST resources, and Lightning Out from JavaScript code in a web browser, add the origin serving the code to a Salesforce CORS whitelist.

Supported Calls

create(), delete(), query(), retrieve(), upsert()

Fields

Field Name Details
DeveloperName
Type
string
Properties
Create, Filter, Group, Sort, Update
Description
The unique name of the record in the API. This name can contain only underscores and alphanumeric characters, and must be unique in your org. It must begin with a letter, not include spaces, not end with an underscore, and not contain two consecutive underscores. This field is automatically generated but you can supply your own value if you create the record using the API.
Note

Note

When creating large sets of data, always specify a unique DeveloperName for each record. If no DeveloperName is specified, performance may slow while Salesforce generates one for each record.

Language
Type
picklist
Properties
Create, Filter, Group, Nillable, Restricted picklist, Sort, Update
Description

This picklist contains the following fully-supported languages:

  • Chinese (Simplified): zh_CN
  • Chinese (Traditional): zh_TW
  • Danish: da
  • Dutch: nl_NL
  • English: en_US
  • Finnish: fi
  • French: fr
  • German: de
  • Italian: it
  • Japanese: ja
  • Korean: ko
  • Norwegian: no
  • Portuguese (Brazil): pt_BR
  • Russian: ru
  • Spanish: es
  • Spanish (Mexico): es_MX
  • Swedish: sv
  • Thai: th
MasterLabel
Type
string
Properties
Create, Filter, Group, Sort, Update
Description
Master label for the CORS whitelist entry.
NamespacePrefix
Type
string
Properties
Filter, Group, Nillable, Sort
Description
For managed packages, this field is the namespace prefix assigned to the package. For unmanaged packages, this field is blank.
UrlPattern
Type
string
Properties
Create, Filter, Group, Sort, Update
Description
The origin URL pattern must include the HTTPS protocol (unless you’re using your localhost) and a domain name, and can include a port. The wildcard character (*) is supported and must be in front of a second-level domain name. For example, https://*.example.com adds all subdomains of example.com to the whitelist.
The origin URL pattern can be an IP address. However, an IP address and a domain that resolve to the same address are not the same origin, and you must add them to the CORS whitelist as separate entries.

Usage

CORS is a W3C recommendation that enables web browsers to request resources from origins other than their own (cross-origin request). For example, using CORS, a JavaScript script at https://www.example.com could request a resource from https://www.salesforce.com.

If a browser that supports CORS makes a request to an origin in the Salesforce CORS whitelist, Salesforce returns the origin in the Access-Control-Allow-Origin HTTP header, along with any additional CORS HTTP headers. If the origin is not included in the whitelist, Salesforce returns HTTP status code 403.

Important

Important

CORS does not support requests for unauthenticated resources, including OAuth endpoints. You must pass an OAuth token with requests that require it.