- Getting started
- Best practices
- Tenant
- About the Tenant Context
- Searching for Resources in a Tenant
- Managing Robots
- Connecting Robots to Orchestrator
- Storing Robot Credentials in CyberArk
- Storing Unattended Robot Passwords in Azure Key Vault (read only)
- Storing Unattended Robot Credentials in HashiCorp Vault (read only)
- Storing Unattended Robot Credentials in AWS Secrets Manager (read only)
- Deleting Disconnected and Unresponsive Unattended Sessions
- Robot Authentication
- Robot Authentication With Client Credentials
- Configuring automation capabilities
- Audit
- Settings
- Cloud robots
- Folders Context
- Automations
- Processes
- Jobs
- Apps
- Triggers
- Logs
- Monitoring
- Queues
- Assets
- Storage Buckets
- CORS/CSP Configuration
- Managing Storage Buckets
- Test Suite - Orchestrator
- Resource Catalog Service
- Authentication
- Integrations
- Classic Robots
- Troubleshooting
Orchestrator User Guide
CORS/CSP Configuration
Web browser access to Amazon and Azure storage buckets can sometimes be restricted due to Cross Origin Resource Sharing (CORS) and Content Security Policy (CSP) settings.
The following operations are impaired when accessing bucket content from the Orchestrator UI:
- Uploading files into a storage bucket
- Downloading files from a storage bucket.
-
Opening document validation actions or form actions that use images stored in buckets.
Note: Accessing storage files using activities is not impacted by CORS and CSP policies because they are browser-specific and are validated/enforced at browser level only.
Both CORS and CSP allow whitelisting identified entities in the web application. See below details about each.
CORS is a mechanism that allows resources on a web page to be accessed across domain boundaries.
Orchestrator web browser access to Amazon and Azure storage buckets can be restricted due to same-origin-policy on the provider side. Successfully accessing the content of such a bucket from the Orchestrator UI requires you to configure the respective provider to allow cross-origin requests from Orchestrator.
If you change the frontend DNS, you must update the CORS settings of all storage buckets (S3 or compatible), or on all Azure storage accounts that Orchestrator accesses.
GET
and PUT
requests from Orchestrator. For example:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"PUT"
],
"AllowedOrigins": [
"https://cloud.uipath.com"
],
"ExposeHeaders": []
}
]
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"PUT"
],
"AllowedOrigins": [
"https://cloud.uipath.com"
],
"ExposeHeaders": []
}
]
Enable GET and PUT operations for requests originating from the Orchestrator. For example:
<Cors>
<CorsRule>
<AllowedOrigins>http://cloud.uipath.com</AllowedOrigins>
<AllowedMethods>PUT,GET</AllowedMethods>
<AllowedHeaders>*</AllowedHeaders>
<ExposedHeaders>*</ExposedHeaders>
</CorsRule>
</Cors>
<Cors>
<CorsRule>
<AllowedOrigins>http://cloud.uipath.com</AllowedOrigins>
<AllowedMethods>PUT,GET</AllowedMethods>
<AllowedHeaders>*</AllowedHeaders>
<ExposedHeaders>*</ExposedHeaders>
</CorsRule>
</Cors>
Content Security Policy is a web browser security layer that prevents a web app from making requests outside a trusted set of hosts.
When using storage buckets, Orchestrator automatically allows calls to Azure or Amazon S3.