Configure CORS
editConfigure CORS
editIf APM Server is deployed in an origin different than the page’s origin, you will need to configure Cross-Origin Resource Sharing (CORS).
A list of permitted origins can be supplied to the
apm-server.rum.allow_origins
configuration option.
By default, APM Server allows all origins.
How CORS works
editWhen the RUM agent makes it’s initial POST
request, the browser will check to see if it is a cross-origin request.
If it is, the browser automatically makes a preflight OPTIONS
request to the server to ensure the original POST
request is allowed.
If this OPTIONS
check passes, then the original POST
request is allowed.
This request will fail if RUM support is not configured in the APM Server.
If you use a proxy, the preflight request headers may be necessary for your configuration:
Access-Control-Request-Headers: Content-Type Access-Control-Request-Method: POST Origin: [request-origin]
The response should include these headers:
Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Origin: [request-origin]
To learn more about CORS, see the MDN page on Cross-Origin Resource Sharing.