Permitting web browsers to access deployed HTTP services by enabling Cross-Origin Resource Sharing

You can configure IBM® Integration Bus to permit cross-origin requests from a web browser by enabling Cross-Origin Resource Sharing (CORS).

Before you begin

To find out about Cross-Origin Resource Sharing, why you might want to enable it, and the implications of doing so, see Cross-Origin Resource Sharing.

About this task

IBM Integration Bus includes full support for CORS according to the specification that is available online at Cross-Origin Resource Sharing. You can configure the HTTP listeners for an integration server and the HTTP listeners for an integration node so that they respond to and permit cross-origin requests from a web browser.

Procedure

If you want to permit a web page that is running in a web browser to make HTTP requests to HTTP services that are deployed to IBM Integration Bus, where those HTTP services are being hosted on an HTTP listener for an integration server or an HTTP listener for the integration node, complete the following steps:

  1. Enable CORS on the HTTP listeners. The connectorName for the HTTP listener is HTTPConnector, and for the HTTPS listener is HTTPSConnector. If both HTTP and HTTPS are in use, you must configure the HTTP listeners for HTTP and HTTPS independently.
    The following example shows how to configure the integration server HTTP listener:
    mqsichangeproperties integrationNodeName -e integrationServerName -o connectorName -n corsEnabled -v true
    The following example shows how to configure the integration node HTTP listener:
    mqsichangeproperties integrationNodeName -b httplistener -o connectorName -n corsEnabled -v true
  2. Optional: The default values for the CORS properties for the HTTP listener are permissive. All origins and HTTP methods are permitted by default. You can restrict the permitted origins and HTTP methods for cross-origin requests by configuring other CORS properties, as described in Integration server HTTP listener parameters (SOAP and HTTP nodes) and Integration node HTTP listener parameters.
  3. Optional: To display the currently configured CORS properties on the HTTP listener, run the following command:

    For the integration server HTTP listener:

    mqsireportproperties integrationNodeName -e integrationServerName -o connectorName -r
    
    For the integration node HTTP listener:
    mqsireportproperties integrationNodeName -b httplistener -o connectorName -r

Results

Cross-Origin Resource Sharing is now enabled. The web page that is running in a web browser is now permitted to make HTTP requests to HTTP services that are deployed to IBM Integration Bus, where those HTTP services are being hosted on an HTTP listener for an integration server or an HTTP listener for the integration node.

What to do next

When CORS properties are modified on an HTTP listener for the integration server or an HTTP listener for the integration node, the changes take effect immediately. You are not required to restart any of the deployed HTTP services, the integration server, or the integration node.
Complete the following checks:
  • Test the configuration by making HTTP requests from a web page that is running in a web browser to the deployed HTTP services that are being hosted on the HTTP listener that you configured.
  • Check that the HTTPInput node in the message flow is called when the request is made, and that the message flow processes the request as expected.
  • Check that the response that is sent through the HTTPReply node in the message flow is returned to the web page that made the request, and that the response is not dropped by the web browser.
  • Check that this processing works for all the HTTP methods that the web page makes requests for.