VMware Cloud Director uses a Cross-Origin Resource Sharing (CORS) filter implementation to maintain a list of all valid endpoints that you can use to access the Service Provider Admin Portal and the VMware Cloud Director Tenant Portal. For larger VMware Cloud Director deployments, you might need to manually configure CORS.

  • Familiarize yourself with the relevant VMware Cloud Director API documentation.
  • Verify that you have system administrator credentials.

The CORS filtering list is populated and updated during the cell configuration. It contains HTTP and HTTPS entries with IP addresses and DNS names for all cells in the server group. It also contains a public IP address that the load balancer uses, which fronts the VMware Cloud Director server group.

During the cell configuration of appliance deployments, the list is not updated with the DNS names of the VMware Cloud Director cells, and you cannot use the DNS name of a cell to access it.

VMware Cloud Director can handle automatically the CORS configuration of simple VMware Cloud Director setups. You might need to configure manually more advanced setups.


  1. Make a GET request with an authorization header with the JSON Web Token (JWT) and an accept header to the https://{api_host}/cloudapi/1.0.0/site/settings/cors API endpoint.

    For more information about the CORS VMware Cloud Director OpenAPI category, see https://developer.vmware.com/apis/vmware-cloud-director/latest/cors/.

    Alternatively, you can interact with this API and the majority of all /cloudapi/ APIs through the API Explorer.

    If you are using the API Explorer, within the cors section, there are two APIs you need to leverage.
    GET /1.0.0/site/settings/cors
    PUT /1.0.0/site/settings/cors

    The system output is a list that should contain HTTP and HTTPS entries with IP addresses and DNS names for all cells in the server group. It should also contain the public host name and IP address that the load balancer uses.

    Each endpoint in the list must have three entries:
    • FQDN
    • HTTP
    • HTTPS
      "values": [
          "origin": "vcd.domain.local"
          "origin": "http://vcd.domain.local"
          "origin": "https://vcd.domain.local"
  2. Verify that for every endpoint in the list, there are three entries and make a PUT request to the API endpoint.
    Verify that when you perform a REST PUT operation, you provide all values of the origins configuration which are currently configured and which you need to retain.