Administrators may need to allow an external script or third-party application to make direct calls to their Blackboard Learn instance’s REST API. Previously, these requests would be blocked at the browser level. Blackboard Learn includes a Cross-Origin Resource Sharing (CORS) tool to allow your institution to leverage cloud-based or third-party extensions more fully. Administrators can also use the CORS tool to strictly define the allowed domains within an access control list and headers allowed as part of those requests. This secure, scalable tool lets you explore more integration possibilities using REST APIs.
For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. For example, XMLHttpRequest and the Fetch API follow the same-origin policy, which says a web application using those APIs can only request HTTP resources from the same domain the application was loaded from unless Cross-Origin Resource Sharing (CORS) headers are used.
With the CORS tool, Blackboard Learn administrators can define these external domains directly from within the Administrator Panel.
Create a configuration
- Go to Admin Panel > Cross-Origin Resource Sharing.
- Select Create Configuration.
- Enter details for the configuration:
- Origin: Enter a domain using http:// protocol.
- Allowed Headers: Specify the headers you want to allow from the origin.
- Available: Select Yes to make the configuration available. The configuration availability is set to No by default.
- Select Submit to save.
Manage a configuration
- Go to Admin Panel > Cross-Origin Resource Sharing.
- Open a configuration's menu.
- Select Edit to access the Origin, Allowed Headers, and Available settings.
- Select Make Unavailable to disable the configuration. You can also select multiple configuration checkboxes and select from the Availability menu to change settings in bulk.
- Select Delete to remove the configuration. You can also select multiple configuration checkboxes and select Delete to remove configurations in bulk.