Troubleshooting
Problem
This document will describe the configuration needed to allow an HTTP server on the IBM i platform to support Cross-Origin Resource Sharing (CORS).
For information about IBM HTTP Server on Linux, AIX, Solaris, HP-UX, Windows or z/OS, or for CORS on WebSphere Application Server, see this technote instead: https://www.ibm.com/support/pages/node/6348518
Resolving The Problem
To enable CORS for an HTTP server the following needs to be added to the configuration:
V7R1 and below (Apache 2.2.x):
<Location /> order allow,deny allow from all Header set Access-Control-Allow-Origin "*" </Location>
For those with additional requirements for CORS the following can be used:
<Location/>
order allow,deny
allow from all
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST,GET,OPTIONS,DELETE,PUT"
Header always set Access-Control-Max-Age "3600"
Header always set Access-Control-Allow-Headers "Content-Type,Authorization"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</Location>
V7R2 and above (Apache 2.4.x):
<Location /> Require All granted Header set Access-Control-Allow-Origin "*" </Location>
For those with additional requirements for CORS the following can be used:
<Location/>
Require all granted
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST,GET,OPTIONS,DELETE,PUT"
Header always set Access-Control-Max-Age "3600"
Header always set Access-Control-Allow-Headers "Content-Type,Authorization"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</Location>
Once these directives the HTTP server needs to be ended and restarted (replace serverName with the HTTP instance name):
ENDTCPSVR SERVER(*HTTP) HTTPSVR(serverName)
STRTCPSVR SERVER(*HTTP) HTTPSVR(serverName)
Was this topic helpful?
Document Information
Modified date:
15 October 2020
UID
nas8N1022213