Page History
Table of Contents |
---|
Cross-Origin Resource Sharing (CORS) is a mechanism that allows resources on a web page to be requested from another domain outside the domain from which the first resource was served. While a web page may freely embed cross-origin images, scripts, iframes, etc. certain cross-domain requests(ex. ajax requests) are forbidden by default by the same-origin security policy. CORS defines how the browser and server must communicate when accessing sources across origins. The basic idea behind CORS is to use custom HTTP headers to allow both the browser and the server know enough about each other to determine if the request or response should succeed or fail.
...
Note |
---|
By default this mechanism is disabled. The reason for this is that it can be a security risk if not configured properly and not all browsers support this feature. |
Table of Contents |
---|
Enable CORS
Property for enabling the mechanism :
...
In order to specify the allowed origins the property "blueriq.security.cors.allowed-origins" needs to be added in the properties filethe
Include Page | ||||
---|---|---|---|---|
|
...
In order to specify the allowed headers, the property "blueriq.security.cors.allowed-headers" needs to be added in the properties file
Include Page | ||||
---|---|---|---|---|
|
...
If only some methods must be allowed when a cross origin request is made, it can be specified in the properties file the
Include Page | ||||
---|---|---|---|---|
|
...