Troubleshooting
Problem
This document will describe the configuration needed to allow an HTTP server on the IBM i platform to support Cross-Origin Resource Sharing (CORS).
For information about IBM HTTP Server on Linux, AIX, Solaris, HP-UX, Windows or z/OS, or for CORS on WebSphere Application Server, see this technote instead: https://www.ibm.com/support/pages/node/6348518
Resolving The Problem
To enable CORS for an HTTP server the following needs to be added to the configuration:
V7R1 and below (Apache 2.2.x):
<Location /> order allow,deny allow from all Header set Access-Control-Allow-Origin "*" </Location>
For those with additional requirements for CORS the following can be used:
<Location/> order allow,deny allow from all Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST,GET,OPTIONS,DELETE,PUT" Header always set Access-Control-Max-Age "3600" Header always set Access-Control-Allow-Headers "Content-Type,Authorization" RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L] </Location>
V7R2 and above (Apache 2.4.x):
<Location /> Require All granted Header set Access-Control-Allow-Origin "*" </Location>
For those with additional requirements for CORS the following can be used:
<Location/> Require all granted Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST,GET,OPTIONS,DELETE,PUT" Header always set Access-Control-Max-Age "3600" Header always set Access-Control-Allow-Headers "Content-Type,Authorization" RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L] </Location>
Once these directives the HTTP server needs to be ended and restarted (replace serverName with the HTTP instance name):
ENDTCPSVR SERVER(*HTTP) HTTPSVR(serverName)
STRTCPSVR SERVER(*HTTP) HTTPSVR(serverName)
Was this topic helpful?
Document Information
Modified date:
15 October 2020
UID
nas8N1022213