orchestrator

2020.10

false

Getting started
- Introduction
- Logging in to Orchestrator
- Resetting Your Password
- Robots
  - Robot Statuses
  - Robot Settings
Best practices
- Organization Modeling in Orchestrator
- Managing Large Deployments
- Automation Best Practices
Tenant
- About the Tenant Context
- Robots
  - Managing Robots
  - Connecting Robots to Orchestrator
  - Setup Samples
  - Storing Robot Credentials in CyberArk
- Folders
  - Managing Folders
  - Classic Folders Vs Modern Folders
  - Migrating From Classic Folders to Modern Folders
  - Administration of Modern Folders
  - Personal Workspaces
  - Managing Personal Workspaces
- About Users
  - Managing Users
  - User Types
  - Field Descriptions
  - FAQ
- Roles
  - Default Roles
  - Managing Roles
- Machines
  - Managing Machines
- Packages
  - Managing Packages
  - About Libraries
  - Managing Libraries
- Audit
- Credential Stores
  - Managing Credential Stores
  - CyberArk® Integration
  - CyberArk® CCP Integration
  - Azure Key Vault Integration
- Webhooks
  - Types of Events
  - Managing Webhooks
- About Licensing
  - Activating Your License
  - Managing Your Licenses
- Alerts
  - Alert Emails
  - Setting Up Alert Emails
- Settings
  - General Tab
  - Deployment Tab
  - Mail Tab
  - Security Tab
  - Scalability Tab
  - Non-Working Days Tab
Actions
- About Actions
- Managing Actions
Folders Context
- About the Folders Context
- Home
  - Overview
Automations
- About Automations
Processes
- About Processes
- Managing Processes
- About Recording
Jobs
- About Jobs
- Managing Jobs
- Job States
Triggers
- About Triggers
- Managing Triggers
- Using Cron Expressions
Logs
- About Logs
- Managing Logs in Orchestrator
- Logging Levels
- Orchestrator Logs
- Protecting Sensitive Information in Studio
Monitoring
- About Monitoring
- Machines
- Processes
- Queues
- Queues SLA
Queues
- About Queues and Transactions
  - Queue Item Statuses
  - Business Exception Vs Application Exception
  - Studio Activities Used With Queues
- Managing Queues in Orchestrator
- Managing Queues in Studio
- Managing Transactions
  - Editing Transactions
  - Field Descriptions for the Transactions .csv File
- Review Requests
Assets
- About Assets
- Managing Assets in Orchestrator
- Managing Assets in Studio
Storage Buckets
- About Storage Buckets
  - CORS/CSP Configuration
- Managing Storage Buckets
- Moving Bucket Data Between Storage Providers
Orchestrator testing
- Test Cases
  - Field Descriptions for the Test Cases Page
- Test Sets
  - Field Descriptions for the Test Sets Page
- Test Executions
  - Field Descriptions for the Test Executions Page
- Test Schedules
  - Field Descriptions for the Test Schedules Page
- Test Data Queues
  - Managing Test Data Queues in Orchestrator
  - Managing Test Data Queues in Studio
  - Field Descriptions for the Test Data Queues Page
  - Test Data Queue Activities
Action Catalogs
- About Action Catalogs
- Managing Action Catalogs
Profile
- About the Profile Page
- Managing Profile Settings
System Administrator
- About System Administrators
- Managing Tenants
- Field Descriptions for the Host Settings Page
- Maintenance Mode
Identity Server
- About Identity Server
- Identity Management Portal
- External Identity Providers
  - Field Descriptions for External Providers Page
- Installation Access Token
Authentication
- Configuring the Active Directory Integration
- Configuring SSO: SAML 2.0
  - ADFS Authentication
  - Google Authentication
  - OKTA Authentication
  - PingOne Authentication
  - Custom Mapping
  - Self-Signed Certificates
  - Private Key Certificates
- Configuring SSO: Google
- Configuring SSO: Azure Active Directory
- SmartCard Authentication
- Setting Up Auto Login for Users Under an Active Directory Group
- Configuring the SMTP Server
- Changing the Windows Authentication Protocol
Other Configurations
- Increasing the Size Limit of Package Files
- Opting Out of Telemetry
- Setting up Encryption Key Per Tenant
- GZIP Compression
Integrations
- About Input and Output Arguments
  - Example of Using Input and Output Arguments
Classic Robots
- Robots
  - Managing Robots
  - Robot Statuses
  - Setup Samples
- Environments
  - Managing Environments
- Jobs
- Triggers
  - Time Triggers
    - Queued Jobs Scenarios
  - Queue Triggers
  - Non-Working Days
- Monitoring
  - Robots
- Resources
Troubleshooting
- IE 11.0.9600.17031 Issues
- Frequently Encountered Orchestrator Errors
- Cron Expressions
- Upgrade Issues

OUT OF SUPPORT

Orchestrator user guide

DELIVERY:

Last updated Jan 20, 2026

CORS/CSP Configuration

Web browser access to Amazon and Azure storage buckets can sometimes be restricted due to Cross Origin Resource Sharing (CORS) and Content Security Policy (CSP) settings. This applies to Orchestrator buckets as well, when Orchestrator's storage is configured to use Azure or Amazon.

The following operations are impaired when accessing bucket content from the Orchestrator UI:

Uploading files into a storage bucket
Downloading files from a storage bucket.
Opening document validation actions or form actions that use images stored in buckets.

Note: Accessing storage files using activities is not impacted by CORS and CSP policies because they are browser-specific and are validated/enforced at browser level only.

Both CORS and CSP allow whitelisting identified entities in the web application. See below details about each.

CORS

CORS is a mechanism that allows resources on a web page to be accessed across domain boundaries.

Orchestrator web browser access to Amazon and Azure storage buckets can be restricted due to same-origin-policy on the provider side. Successfully accessing the content of such a bucket from the Orchestrator UI requires you to configure the respective provider to allow cross-origin requests from Orchestrator.

Amazon S3

Add a rule that allows GET and PUT requests from Orchestrator. For example:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "PUT"
        ],
        "AllowedOrigins": [
            "http://your.orchestrator.dns.name"
        ],
        "ExposeHeaders": []
    }
][
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "PUT"
        ],
        "AllowedOrigins": [
            "http://your.orchestrator.dns.name"
        ],
        "ExposeHeaders": []
    }
]

See here the official Amazon S3 documentation on the subject of cross-origin resource sharing.

Azure

Enable GET and PUT operations for requests originating from the Orchestrator. For example:

<Cors>
<CorsRule>
<AllowedOrigins>http://your.orchestrator.dns.name</AllowedOrigins>
<AllowedMethods>PUT,GET</AllowedMethods>
<AllowedHeaders>*</AllowedHeaders>
<ExposedHeaders>*</ExposedHeaders>
</CorsRule>
<Cors><Cors>
<CorsRule>
<AllowedOrigins>http://your.orchestrator.dns.name</AllowedOrigins>
<AllowedMethods>PUT,GET</AllowedMethods>
<AllowedHeaders>*</AllowedHeaders>
<ExposedHeaders>*</ExposedHeaders>
</CorsRule>
<Cors>

Note: Make sure that the URL does not end in a slash.

See here the official Azure documentation on the subject of cross-origin resource sharing.

CSP

Content Security Policy is a web browser security layer that prevents a web app from making requests outside a trusted set of hosts.

When using storage buckets, Orchestrator automatically allows calls to Azure or Amazon S3, if these providers are enabled or if Orchestrator's composite storage is configured to use Azure or Amazon S3.

Important: To prevent CSP issues, use canonical Azure or Amazon names for the container, and avoid vanity URLs.

To fix possible CSP issues, add the Buckets.ContentSecurityPolicy parameter in UiPath.Orchestrator.dll.config and set its value to a comma-separated list of all domains to be whitelisted. This parameter overrides the corresponding Orchestrator settings in regards to Azure and AWS, so make sure to adds Azure and/or AWS as well, if needed.

On this page

CORS
Amazon S3
Azure
CSP

Was this page helpful?

PREVIOUSAbout Storage Buckets

NEXTManaging Storage Buckets