Enable CORS for an Organization

In GoodData you can enable cross-origin resource sharing (CORS) in an organization to get around the same-origin policy browser restrictions. With CORS enabled you can make GoodData resources, which are hosted on one domain, accessible to you from any other domain.

User interface
API (Bash)

You can add multiple domains as allowed origins directly through the user interface in the Developer settings section:

  1. On homepage, go to Developer settings.

  2. In the Cross-origin resource sharing (CORS) section, click Manage.

    Manage CORS

    The list of allowed origins opens.

  3. Click + Add and type the URL.

    Add URL

  4. Click Add and click Close.

To edit a domain in the allowed origins list, open the list of allowed origins and click the domain name and edit it.

To remove any domain from the allowed origins list, click the bin icon on the right.

To set allowed origins for an organization use the /api/v1/entities/admin/organizations/default API endpoint:

curl -v -X PATCH -H 'Content-type: application/vnd.gooddata.api+json' \
    -H "Authorization: Bearer <token>" \
    -d @organization.json $HOST_URL/api/v1/entities/admin/organizations/default

where organization.json contains

    "data": {
        "attributes": {
            "allowedOrigins": [
        "id": "default",
        "type": "organization"