Configuring CORS for the REST API
By default, a web browser does not allow scripts, such as JavaScript, to invoke the REST API when the script is not from the same origin as the REST API. That is, cross-origin requests are not enabled. You can configure Cross Origin Resource Sharing (CORS) to allow cross-origin requests from specified origins.
About this task
You can access the REST API through a web browser, for example through a script. As these requests are from a different origin to the REST API, the web browser refuses the request because it is a cross-origin request. The origin is different if the domain, port, or scheme is not the same.
For example, if you have a script that is hosted at http://localhost:1999/ you make a cross-origin request if you issue an HTTP GET on a website that is hosted at https://localhost:9443/. This request is a cross-origin request because the port numbers and scheme (HTTP) are different.
You can enable cross-origin requests by configuring CORS and specifying the origins that are allowed to access the REST API.
For more information about CORS, see https://www.w3.org/TR/cors/ and https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.
Procedure
Example
setmqweb properties -k mqRestCorsAllowedOrigins -v "http://localhost:9883,https://localhost:1999,https://localhost:9663"
setmqweb properties -k mqRestCorsMaxAgeInSeconds -v 90