(Optional) Configuring cross origin resource sharing (CORS)

Cross origin resource sharing (CORS) allows requests that come from a different origin (URL) to be processed by the REST service that is running in the API container, and allows the responses to be returned to that origin.

About this task

You enable resource sharing by updating the CORS.xml file and adding it to the /configDropins/override directory for the Content Services GraphQL API container.
Note: Rename the CORS.xml file in the override directory to zCORS.xml. The new name controls the file order so that this version of the cross origin resource sharing configuration overrides any other version.

Procedure

To configure the zCORS.xml file:

  1. Copy the zCORS.xml sample file from the GitHub location.
  2. Save the copy to the /configDropins/override directory for your Content Services GraphQL API container.
  3. Edit the allowedOrigins parameter and enter the client domain names.
    Each domain name entry consists of the protocol, HTTP (non-SSL) or HTTPS (SSL), followed by the Navigator host name and port, and it must match the requests that come from the client.
    For example:
    <server>
        <!-- https://www.ibm.com/support/knowledgecenter/en/SSEQTP_liberty/com.ibm.websphere.liberty.autogen.nd.doc/ae/rwlp_config_cors.html -->
        <cors domain="/content-services-graphql"
            allowedOrigins="https://www.domain1.com:port, http://www.domain1.com:port, https://www.domain2.com:port, http://www.domain2.com:port"
            allowedMethods="GET, POST"
            allowedHeaders="Connection,Pragma,Cache-Control,XSRFtoken,Origin,User-Agent,Content-Type,Content-Length,Accept-Control-Request-Method,Accept-Control-Request-Headers,Accept,Referer,Accept-Encoding,Accept-Language,DNT,Host,Content-Length,Cache-control,Cookie"
            exposeHeaders="Content-Length,Content_Type,Content-Language,X-Powered-By,Date,Allow,Transfer-Encoding,$WSEP,DNT,Access-Control-Allow-Credentials,Access-Control-Allow-Headers,Access-Control-Allow-Max-Age,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Expose-Headers,Connection,Cache-control,Cookie"
            allowCredentials="true"
            maxAge="3600" />
    </server>

    You can add both HTTP and HTTPS values for the allowedOrigins value. Use a comma to separate multiple values for the entry.

    Trailing slashes (/) are not allowed.

    Important: Do not modify any parameter values other than the allowedOrigins value.
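
The following Python check is an added example, not part of the product or its sample file. It reads a zCORS.xml and reports allowedOrigins entries that break the rules above (HTTP or HTTPS, host name and port, comma-separated, no trailing slash); the navigator.example.com origins and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a zCORS.xml with one valid origin and three invalid ones.
SAMPLE = """<server>
    <cors domain="/content-services-graphql"
        allowedOrigins="https://navigator.example.com:9443, http://navigator.example.com:9080/, https://navigator.example.com, ftp://files.example.com:21"
        allowCredentials="true" />
</server>"""


def check_origin(origin):
    """Return a list of problems for one allowedOrigins entry (empty if OK)."""
    problems = []
    if origin.endswith("/"):
        problems.append("trailing slash is not allowed")
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https"):
        problems.append("scheme must be http or https")
    if not parts.hostname:
        problems.append("missing host name")
    try:
        if parts.port is None:
            problems.append("missing port")
    except ValueError:  # e.g. the literal placeholder ":port" was left in place
        problems.append("port is not a valid number")
    if parts.path.rstrip("/") or parts.query or parts.fragment:
        problems.append("origin must not contain a path, query or fragment")
    return problems


def check_cors_xml(xml_text, domain="/content-services-graphql"):
    """Map each problematic origin in the <cors> element for `domain` to its problems."""
    root = ET.fromstring(xml_text)
    findings = {}
    for cors in root.iter("cors"):
        if cors.get("domain") != domain:
            continue
        for raw in cors.get("allowedOrigins", "").split(","):
            origin = raw.strip()
            problems = check_origin(origin) if origin else ["empty entry"]
            if problems:
                findings[origin] = problems
    return findings


if __name__ == "__main__":
    for origin, problems in check_cors_xml(SAMPLE).items():
        print(f"{origin}: {'; '.join(problems)}")
```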