The allowed_hosts setting accepts an array of URIs that define hosts that can participate in Cross-Origin Resource Sharing (CORS). It also defines which host can embed our application in an <iframe>, <frame>, or <object> tag on a web page. (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options for more information.) Host is intentionally singular since the X-Frame-Options header can only contain one entry. The first host in the list will be used as the value for this header.
The example appSettings.json entry below specifies that "http://example.com" may participate in CORS and can embed the SkySync application on one of its own web pages.
*NOTE: The brackets are required
...
"server": {
"proxy_url": "http://your.ip.address:9090/",
"allowed_hosts": ["http://example.com"]
}
Update the Manager's appSettings.json file with appropriate allowed_hosts entrie(s) and restart your Manager service.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS for detailed information on CORS and how it works.