OIC applications do not allow authenticated access from arbitrary origins. All domains belonging to arbitrary origins need to be registered in the allowed list of sites for cross-origin resource sharing (CORS) processing. Retrieve, create, and update the list of allowed sites for CORS processing. You need Administrator permissions to use these API functions.