A customer has Sisense embedded in our web application as an iframe, and we are having some issues related to Cross-Origin Resource Policy. We know that Sisense has CORS settings, but we have not fou...
CORP vs CORS
Security reasons and compliance. Third party assessments every year and the lacking of CORP headers was one of the outputs. Actually from what I understood CORP/CORS aims to solve different issues, so we actually should use both.
Also CORP currently has some default (more permissive) values considered by browsers that could change in the future as well. In this case even if the web applications does not set the headers, browser could refuse cross-origin i-frames by default.