Configuring Cross-Origin Resource Sharing on a z/OS Connect (OpenAPI 2) Server
CORS is enabled in IBM z/OS Connect by using the
cors configuration element. For more information, see Configuring Cross Origin Resource Sharing on a Liberty server in the
WebSphere Application Server for z/OS Liberty documentation.
To enable API toolkit connections, you must have a
cors definition in your
server.xml. When you create a server by using one of the server templates
supplied with the product, a
cors element that enables API toolkit connections, is
automatically added to the server.xml configuration file. The following excerpt
from the server.xml shows a
cors element definition that
allows API toolkit connections.
<cors id="defaultCORSConfig" domain="/" allowedOrigins="*" allowedMethods="GET, POST, PUT, DELETE, OPTIONS" allowedHeaders="Origin, Content-Type, Authorization, Cache-Control, Expires, Pragma" allowCredentials="true" maxAge="3600" />
You may want to customize this configuration further to, for example, restrict the allowed origins.
cors element definition. For example, the
allowedHeaders attribute, on the
cors element, must specify all
headers that you want to be permitted on any request. The CORS access control headers themselves do
not need to be listed.
*=info:CorsService=all:GenericBNF=all. For more information, see Enabling trace in IBM z/OS Connect server.