As an administrator, you are responsible for securing your company's important commercial assets. Content lets you secure your content in several layers.
Cross-origin resource sharing
Sometimes you need to access your content from a different domain, but you don't want just anyone to be able to retrieve content from your subscription. So how do you control which domains can access your subscription?
All you have to do is add the domains you trust to the CORS setting in the Admin > Settings > Security page. Only add domains that need access to the content and assets stored in your subscription. For example, you can add your web servers or your development environment domains.
The domain format must be protocol://server:port, where the protocol is either HTTP or HTTPS. The server is either your server name or its IP address. Provide the port number of your server, for example, http://my.domain.org:80.
Tip: You can add an asterisk (*) to add all trusted domains.
Note: CORS support applies only to Content API calls. It does not affect access to static resources.
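As an added example (not part of the product or its documentation), the following JavaScript checks a list of candidate entries against the protocol://server:port format described above before they are entered in the CORS setting. The function names, the finding messages and the example.test hosts are assumptions made for illustration.

```javascript
// Added example, not product code. Checks candidate CORS entries against the
// documented protocol://server:port format before they go into the setting.
// Function names and finding strings are hypothetical.

function checkCorsEntry(entry) {
  const value = String(entry).trim();
  if (value === "*") {
    // Reported separately so it can be weighed against the guidance to add
    // only domains that need access.
    return { entry: value, valid: true, wildcard: true, findings: [] };
  }
  const findings = [];
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/?#]*)(.*)$/i.exec(value);
  if (!m) {
    findings.push("not in protocol://server:port form");
    return { entry: value, valid: false, wildcard: false, findings };
  }
  const [, scheme, authority, rest] = m;
  if (!/^https?$/i.test(scheme)) findings.push("protocol must be http or https");
  if (rest !== "") findings.push("path, query or fragment is not part of the format");
  // Server is a host name, IPv4 address or bracketed IPv6 address, then :port.
  const hp = /^(\[[0-9a-f:.]+\]|[^:\[\]@\s]+):(\d+)$/i.exec(authority);
  if (!hp) {
    findings.push("expected server:port with a numeric port");
  } else if (Number(hp[2]) < 1 || Number(hp[2]) > 65535) {
    findings.push("port must be between 1 and 65535");
  }
  return { entry: value, valid: findings.length === 0, wildcard: false, findings };
}

function auditCorsEntries(entries) {
  const results = entries.map(checkCorsEntry);
  return {
    accepted: results.filter((r) => r.valid && !r.wildcard).map((r) => r.entry),
    wildcard: results.some((r) => r.wildcard),
    rejected: results.filter((r) => !r.valid),
  };
}

// Constructed sample list; only the first entry appears on the page.
const SAMPLE_ENTRIES = [
  "http://my.domain.org:80", "https://dev.example.test:8443",
  "https://my.domain.org", "https://dev.example.test:8443/app",
  "ftp://files.example.test:21", "*",
];
const report = auditCorsEntries(SAMPLE_ENTRIES);
console.log(JSON.stringify(report, null, 2));
```

Entries listed under `rejected` carry the reason in `findings`; a `wildcard` value of `true` means the list contains the asterisk entry from the tip above.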
Pages and content authentication
In Content's standard edition, you can provide your marketers with a way to secure content. They can control who can access the content they publish by requiring authentication.
Enable the Pages and content authentication setting in the Admin > Settings > Security page.
When enabled, marketers can set access requirements for site pages as well. They can enable the security option as they create their page or by editing the page settings. They can also enable it for individual content items from the Details tab in the content form.
Delivery URLs are accessible by anyone by default. When the toggle is enabled, API requests need login credentials to fetch content. If the content is accessed through a browser, the user needs to log in.