By Tom Toomire and Paul McWilliams.
Starting in Db2 13 for z/OS with the PTF for APAR PH59837, you can enable cross-origin resource sharing (CORS) for Db2 REST services. Cross-Origin Resource Sharing (CORS) is a protocol standard for permitting a web page or application to access remote content from a different domain (or port) than the site that the web page was loaded from. You can enable Db2 REST services to use the HTTP Cross-Origin Resource Sharing (CORS) protocols, including support for the CORS "pre-flight" HTTP OPTIONS verb and CORS HTTP request/response header fields.
For example, as shown in the following illustration, a user loads a page from the “origin” site at mynode.ibm.com. The downloaded webpage includes client-side content, such as a JavaScript, which invokes a Db2 native REST service using site db2server.ibm.com:446. The call to the Db2 REST service triggers the CORS protocols because the Db2 REST service site is different than the “origin” site from where the webpage was originally loaded.