This parameter sets a comma-delimited list of external origins (URLs) that are trusted and can access the Planning Analytics database.
Parameter type: optional, dynamic
HTTPOriginAllowList parameter is not included in Planning Analytics database configuration, requests from all
origins are trusted and granted access to the Planning Analytics database, subject to authentication.
However, when this parameter is set in Planning Analytics database configuration, any incoming request
with an Origin header is validated against the URLs specified in
HTTPOriginAllowList. An exact match between the Origin header in the incoming
request and a URL in
HTTPOriginAllowList must be validated before the incoming
request is granted access to the Planning Analytics
The syntax for an Origin header includes the scheme, hostname, and (optionally) the port that caused the request.
The protocol that is used. Usually, it is the
gopherare also valid.
The domain name or the IP address of the origin server.
The port number on which the server is listening.
Port is optional in an Origin header, but if it is present in the header it must also be included in the URL set in
HTTPOriginAllowListfor the request to succeed.
Accordingly, the URLs specified in
HTTPOriginAllowList use the same syntax of
<scheme>://<hostname>:<port>. For example:
HTTPOriginAllowList=https://www.ibm.com, http://www.example.com:80, https://192.0.2.10