Do you need to use CORS?

We actually recommend an application design that does not require CORS.

While it is true that the Viewer, running in the browser, needs a way to send requests to PAS, we recommend you setup a dedicated reverse proxy route as part of your web application (or web server) which allows the viewer to make requests to the same origin (domain) from which the web page itself was loaded. Our Getting Started explains this sort of deployment in a lot more detail. We recommend you read through that first if you have not already.

That said, if you want your viewer instances in the browser to send requests directly to your PAS deployment running on a different domain (origin), it is possible. To do this, you'll need to explicitly configure PAS to enable CORS:

1. Modify the CORS settings within your PAS configuration file. Refer to the topic, PAS Configuration, for more information.
2. Restart PAS for the changes to take effect. Refer to the topic, Starting & Stopping PAS, for more information.
3. Update the imageHandlerUrl in the viewer initialization options to point directly to the publicly accessible PAS entry point. For more information on viewer configuration options, refer to the topic, Initialization Parameters.

There is no native support for CORS in Internet Explorer 8 and 9.