Use the beacon origin allowlist to specify the origins from which your application beacon endpoints should accept cross-origin RUM beacons.
The RUM JavaScript sends RUM beacons to report the captured data to Dynatrace. Depending on the injection method, there are two default setups:
Auto-injected applications > same-origin beacons
When the RUM JavaScript is injected automatically, RUM beacons are sent back to the web or application server that hosts the auto-injected application; OneAgent provides a beacon endpoint.
By default, the beacons of auto-injected applications are same-origin beacons since the protocol, host, and port of the beacon requests and the page where they're issued are identical.
If you opted for one of the alternative beacon endpoint setups—where the beacons of an auto-injected application are sent to the Dynatrace SaaS infrastructure or an instrumented server on a different domain—RUM beacons are cross-origin beacons.
Agentless applications > cross-origin beacons
When agentless monitoring is used, RUM beacons are sent to a beacon endpoint that is part of the Dynatrace SaaS infrastructure.
For agentless applications, the RUM beacons are cross-origin beacons since they're sent to a different domain.
Browsers adhere to the same-origin policy that, by default, allows scripts to issue requests only to the same origin. To send cross-origin requests, Cross-Origin Resource Sharing (CORS) needs to be used, which allows servers to specify origins that are permitted to access the server. Therefore, cross-origin RUM beacons need to use CORS. In this case:
Origin
header to the cross-origin beacon.Access-Control-Allow-Origin
header to each response that allows the origin provided in the Origin
header.Using the beacon origin allowlist, you can specify from which origins your beacon endpoints should accept RUM beacons.
Create a beacon origin rule to specify from which origins the OneAgent and Dynatrace SaaS infrastructure should accept RUM beacons.
Right after you add the first beacon origin rule, applications that don't match that rule will stop collecting RUM data unless their beacons are sent to the same origin and handled by OneAgent.
To add a beacon origin rule
Go to Settings > Web and mobile monitoring > Beacon origins for CORS.
Select Add item.
Provide the correct pattern for the origin you want to specify.
You can add up to 20 beacon origin rules per environment.
This flowchart shows how Dynatrace applies the beacon origin allowlist in different scenarios. Use it to understand whether a specific beacon origin is allowed.
Access-Control-Allow-Origin
header of the response, and the beacon response returns the 200 OK
HTTP status code.403 Forbidden
status code and a message such as Value in Origin Header is not allowed
.