    What is the sense of Origins Allowed while restricting access to an ORDS module?

      Would you share your experience about the ORDS Module Definition "Origins Allowed"?

      As the online help says:

      Origins Allowed

      A comma-separated list of URL prefixes which are allowed to access this module. If the list is empty, there will be no restrictions applied.

      An origin is defined by the protocol, host name, and port of a website. For example https://example.com is one origin and https://another.example.com is a different origin because the host name differs. Similarly, http://example.com is a different origin to https://example.com because the protocol differs. Finally, http://example.com is a different origin to http://example.com:8080 because the port differs.

      My test ORDS 19.4 module is accessed via the public domain name https://mydomain.com/ords/test/mymodule/

      I set up the local domain mydomain.local in my private VPN.

      All services (Apache, ORDS, etc.) and hosts are accessible in the VPN by URL https://mydomain.local/ etc.

      I set "Origins Allowed" for mymodule to https://mydomain.local/

      But https://mydomain.com/ords/test/mymodule/ is still accessible in the browser.


      I would appreciate your explanation of my mistakes.
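
The origin comparison described in the quoted help text, as an added example that is not part of the original post and is not ORDS's own code. `originOf`, `sameOrigin` and `checkOrigin` are hypothetical names; the sketch assumes a generic allow-list check on the `Origin` request header, treats each list entry as an origin, and relies on the fact that a browser sends no `Origin` header when a URL is typed into the address bar.

```javascript
// Added example: generic origin matching, not ORDS's implementation.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Reduce a URL to the triple the help text names: protocol, host name, port.
// The path is ignored, and an omitted port becomes the scheme default.
function originOf(url) {
  const u = new URL(url);
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return `${u.protocol}//${u.hostname}:${port}`;
}

// Two URLs share an origin only if all three parts match.
function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Hypothetical model of an allow-list check on the Origin header.
// Assumption: an empty list means no restriction (per the help text), and a
// request without an Origin header is not a cross-origin request, so the
// list has nothing to compare against.
function checkOrigin(allowedCsv, originHeader) {
  const allowed = allowedCsv.split(',').map(s => s.trim()).filter(Boolean);
  if (allowed.length === 0) return 'no-restriction';
  if (originHeader == null) return 'not-cross-origin';
  return allowed.some(a => sameOrigin(a, originHeader)) ? 'allowed' : 'rejected';
}

// Constructed sample requests using the values from the post.
const setting = 'https://mydomain.local/';
const samples = [
  ['script on https://mydomain.local', 'https://mydomain.local'],
  ['script on https://mydomain.com', 'https://mydomain.com'],
  ['URL typed into the address bar', undefined],
];
for (const [label, origin] of samples) {
  console.log(`${label}: ${checkOrigin(setting, origin)}`);
}
```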