# Why disable CORS

#### 1. **Protection Against Direct Requests:**

Cross-Origin Resource Sharing (CORS) is the browser mechanism that controls how web pages served from one domain can request resources from another domain. By disabling CORS, we prevent direct requests to our API endpoints from web pages or applications hosted on different domains. This restriction is intentional: it minimizes the risk of unauthorized access and potential misuse of sensitive data.

#### 2. **Forcing the Use of Reverse Proxy:**

Disabling CORS acts as a deliberate measure to encourage integrators to adopt a reverse proxy approach. Instead of making direct requests from client-side applications, integrators are prompted to route their API requests through a reverse proxy. This adds an extra layer of security by hiding API keys and minimizing exposure to potential security threats.

### The Role of Reverse Proxy:

#### 1. **Concealing API Keys:**

A reverse proxy serves as an intermediary between client applications and API servers. By utilizing a reverse proxy, API keys are hidden from direct exposure to client-side code, mitigating the risk of key compromise and unauthorized access.

#### 2. **Centralized Security Control:**

Leveraging a reverse proxy allows for centralized security controls. Security configurations, including key handling and access policies, can be managed and monitored from a single point. This centralization streamlines security management, reducing the likelihood of misconfigurations.

#### 3. **Enhanced Monitoring and Logging:**

Reverse proxies provide robust monitoring and logging capabilities for API traffic. Integrators get comprehensive logs that give insight into usage patterns and potential security threats. This visibility supports timely detection of, and response to, suspicious activity.
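
The three roles above (key concealment, one central policy point, request logging) can be seen together in a minimal Node.js proxy. This is an added example, not Unizen's own code: the upstream URL, the `x-api-key` header name and the `/v1/quote` and `/v1/swap` routes are assumed placeholders, and it forwards GET requests only.

```javascript
// Added example: the API key lives in server-side config and never reaches the browser.
// upstream, keyHeader and allowedPrefixes are assumed placeholders, not Unizen values.
const CONFIG = {
  upstream: process.env.UPSTREAM_URL || "https://api.example.invalid",
  keyHeader: process.env.KEY_HEADER || "x-api-key", // assumed header name
  apiKey: process.env.API_KEY || "",
  allowedPrefixes: ["/v1/quote", "/v1/swap"], // hypothetical routes
};

// Central policy: decide whether, and in what form, a client request is forwarded.
function buildUpstreamRequest(method, rawUrl, clientHeaders, cfg) {
  // Parsing normalizes "/../" segments; only path and query are reused, never the host.
  const url = new URL(rawUrl, "http://proxy.local");
  const allowed = cfg.allowedPrefixes.some(
    (p) => url.pathname === p || url.pathname.startsWith(p + "/"));
  if (!allowed || method !== "GET") return null;
  const headers = {}; // allowlist of client headers; a client-sent key is dropped
  for (const name of ["accept", "accept-language"]) {
    if (clientHeaders[name]) headers[name] = clientHeaders[name];
  }
  headers[cfg.keyHeader] = cfg.apiKey; // injected server-side only
  return { url: cfg.upstream + url.pathname + url.search, method, headers };
}

// One structured log line per request; headers (and so the key) are never logged.
function logLine(method, path, status) {
  return JSON.stringify({ ts: new Date().toISOString(), method, path, status });
}

async function start(port, cfg = CONFIG) {
  const http = await import("node:http");
  http.createServer(async (req, res) => {
    const out = buildUpstreamRequest(req.method, req.url, req.headers, cfg);
    let status = 403;
    try {
      if (out) {
        const up = await fetch(out.url, { method: out.method, headers: out.headers });
        const buf = Buffer.from(await up.arrayBuffer());
        status = up.status;
        const type = up.headers.get("content-type") || "application/json";
        res.writeHead(status, { "content-type": type }).end(buf);
      } else res.writeHead(403).end();
    } catch { status = 502; res.writeHead(502).end(); }
    console.log(logLine(req.method, req.url, status));
  }).listen(port);
}

// Starts only when PROXY_PORT is set, e.g. PROXY_PORT=8080 API_KEY=... node proxy.js
if (process.env.PROXY_PORT) start(Number(process.env.PROXY_PORT));
```

The proxy sends no `Access-Control-Allow-Origin` header, so it is meant to be served from the same origin as the front end.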

