Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to define CORS in Websphere Application Server Liberty Profile V8.5

Tags:

cors

websphere-liberty

Is it possible to apply cross-origin resource sharing (CORS) in a Websphere Application Server Liberty Profile V8.5 ?

I searched the redbook but couldn't find IBM mention anything about it. (http://www.redbooks.ibm.com/abstracts/sg248076.html?Open)

It's not possibility for me to set the headers programmatically like this:

Access-Control-Allow-Origin: *

(http://enable-cors.org/server.html)

like image 989
Niek Vandael Avatar asked Jun 18 '14 05:06

Niek Vandael

People also ask

How do you set CORS configuration?

In the Buckets list, choose the name of the bucket that you want to create a bucket policy for. Choose Permissions. In the Cross-origin resource sharing (CORS) section, choose Edit. In the CORS configuration editor text box, type or copy and paste a new CORS configuration, or edit an existing configuration.

How do I allow CORS access?

Simply activate the add-on and perform the request. CORS or Cross-Origin Resource Sharing is blocked in modern browsers by default (in JavaScript APIs). Installing this add-on will allow you to unblock this feature.

How do you manage CORS?

Handling CORS You can use the Access-Control-Allow-Origin to specify which origin the client app must be requesting from, you can use Access-Control-Allow-Headers to specify which header(s) the client app can provide, you can use Access-Control-Allow-Method to specify which HTTP method(s) the client app can use e.t.c.

3 Answers

You have to add following jars to your WEB-INF/lib folder:

  • cors-filter-1.8.jar
  • java-property-utils-1.9.jar

In your web.xml you have to add following rules:

<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>
<filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>
like image 141
GuyT Avatar answered Nov 16 '22 14:11

GuyT

Starting with the January 2016 Beta (edit: and now in Liberty 8559), WebSphere Liberty supports CORS natively. You just configure the server.xml with the CORS options you want, here's an example:

<cors domain="/sampleApp/path"
   allowedOrigins="https://alice.com:8090"
   allowedMethods="GET, DELETE, POST"
   allowedHeaders="Accept, MyRequestHeader1"
   exposeHeaders="MyResponseHeader1"
   allowCredentials="true"
   maxAge="3600" />

The domain attribute is for the application root that you want this configuration to apply to, which means it won't affect any other context roots. The other 7 attributes follow exactly the official CORS spec (https://www.w3.org/TR/cors/), so they are pretty self explanatory.

Link to beta: https://developer.ibm.com/wasdev/blog/2016/01/15/beta-websphere-liberty-and-tools-january/

like image 23
ArthurDM Avatar answered Nov 16 '22 15:11

ArthurDM

To extend to the CORS from ArthurDM: The documented pages where not explaining enough for me. My setup is the following and I just want to share that with you:

  • Use Liberty Profile 8.5.5.9. So the CORS addition to liberty profile is not in beta only anymore.
  • Use JavaEE batch and connected the batch to put all its data in the repository (not in memory).
  • I wanted to use batchManagement-1.0 feature for the rest api of batch that comes with it.
  • Angular 1.

Eventually the following cors setting did the trick:

    <cors domain="/ibm/api" 
       allowedOrigins="http://localhost:9080" 
       allowedMethods="GET, POST, PUT, DELETE" 
       allowedHeaders="Accept, Accept-Language, Content-Language, Content-Type" 
       exposeHeaders="Content-Type" 
       allowCredentials="true" 
       maxAge="3600" />

Good luck, and I hope it helps.

like image 1
King Nike Avatar answered Nov 16 '22 15:11

King Nike
Sign in to Comment

Related questions

AWS S3 + CloudFront gives CORS errors when serving images from browser cache
Communication between AngularJS and a Jersey Webservice which are on a different domain. Can't access correct session
Spring Boot : CORS Issue
Spring boot rest service options 401 on oauth/token
Cross-Origin Request Blocked with React and Express
Keycloak CORS issue when being redirected to login
How to manage CORS policy properly in express?
cors-anywhere.herokuapp.com not working (503). What else can I try?
ajax jquery cross domain call does not send authorization header
SignalR cross-domain connections with self-hosting and authentication
Access-Control-Allow-Origin missing on the first response
How do I know which access-control-allow-headers to allow for CORS?
How to respond to OPTIONS HTTP Method in rails-api?
Amazon S3 CORS still not working: No 'Access-Control-Allow-Origin'
Cross-origin Ajax requests don't work in Opera and IE9?
Issue with crossorigin anonymous failing to load images
How can I simulate CORS on my LOCAL machine?
HAProxy CORS OPTIONS header intercept setup
CORS HEADERS present only on preflight or every request

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!