IBM Support

Configuring CORS for WebSphere Application Server

How To


Summary

This document describes how to configure Cross Origin Resource Sharing (CORS) headers for WebSphere Application Server, WebSphere Liberty, and IBM HTTP Server.

By default, pages running on a domain such as "origin.example.com" are not able to fetch pages from other domains such as "api.example.com" with JavaScript.  These requests are blocked unless api.example.com returns special headers that direct the browser accessing origin.example.com that cross-origin requests are permitted.

This document assumes https://api.example.com/my-service provides an API intended to be called from sites running as part of the interactive site http://origin.example.com.  Furthermore, http://api.example.com/my-service is powered by WebSphere and is the environment the reader has access to reconfigure.   

It is only necessary to configure CORS in either the webserver or the application server

Document Location

Worldwide

[{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m0z0000001g1TAAQ","label":"IHS-\u003ESecurity \/ Vulnerabilities-\u003ESecurity Headers"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"},{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"ARM Category":[{"code":"a8m0z0000001g1TAAQ","label":"IHS-\u003ESecurity \/ Vulnerabilities-\u003ESecurity Headers"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
03 March 2025

UID

ibm16348518

Page Feedback