Cross-origin resource sharing
Updated: June 16, 2015
When adding host names to the list, you should consider the following:
Specify just the host or domain name, without the scheme part. For example, enter www.contoso.com instead of http://www.contoso.com.
An exact match is required. This means that you must enter both www.contoso.com and contoso.com to allow access from both domains.
Wildcards are supported. For example, when you enter *.contoso.com all subdomains of contoso.com will have access. Because of matching rules, you must still enter contoso.com separately.
The host name values in Allow requests from host names list apply not only to browsers that support CORS but also to older versions of Internet Explorer that do not support CORS. This list is also used when browser-based clients attempt to authenticate with your mobile service.
CORS enables access for web apps running in a browser. Native client apps are able to make requests to your mobile service regardless of the CORS settings.