CORS Configuration - Alfresco Content Services 23.4

Cross Origin Resource Sharing (CORS) can be enabled and configured in the alfresco-global.properties file.

CORS is disabled by default. To enable it, set the following property to true:

cors.enabled=true

Important: This feature is only available when using Tomcat.

If CORS is enabled then CORS requests can be made to all endpoints under /alfresco.

Use the following properties to configure CORS:

| Property | Description |
| --- | --- |
| cors.allowed.origins | Set the hosts allowed in cross origin requests. By default, the value is empty, which prevents clients hosted on any server from accessing the resources. You can specify a host, for example, http://www.example.org:8080, which will only allow requests from this host. A * value permits all clients hosted on any server to access the resources. It's recommended to restrict this setting to origins within your organization. |
| cors.allowed.methods | Set which HTTP requests are permitted. Possible values should be comma separated and include: DELETE, GET, HEAD, OPTIONS, POST, PUT. |
| cors.allowed.headers | Set which headers are permitted in request headers, whether set manually or programmatically, in addition to the ones set by the user agent. Values should be comma separated and include: Accept, Access-Control-Request-Headers, Access-Control-Request-Method, Authorization, Cache-Control, Content-Type, Origin, X-CSRF-Token, X-Requested-With. |
| cors.exposed.headers | Set which headers are whitelisted for the client to access from the server. |
| cors.support.credentials | Set whether HTTP cookie and HTTP authentication-based credentials are allowed. This is a boolean value. |
| cors.preflight.maxage | Set the maximum time (in minutes) for caching a preflight request. Preflighted requests use the OPTIONS method to verify resource availability and then request it. |

The following is an example configuration for the alfresco-global.properties file:

cors.enabled=true
cors.allowed.origins=http://alfresco.com:8080
cors.allowed.methods=GET,POST,PUT
cors.allowed.headers=Authorization,Content-Type,Cache-Control,X-Requested-With,X-CSRF-Token
cors.exposed.headers=Access-Control-Allow-Origin,Access-Control-Allow-Credentials
cors.support.credentials=true
cors.preflight.maxage=10
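
The following added example (not part of the Alfresco documentation or product) audits the cors.* properties described above before deployment. The function names, the comma-separated handling of cors.allowed.origins, and the findings themselves (wildcard origin, an origin that is not scheme://host[:port], a plain http origin with credentials allowed, a method outside the documented list) are this example's assumptions, not rules that Alfresco enforces.

```python
from urllib.parse import urlsplit

# Methods listed for cors.allowed.methods on this page.
DOCUMENTED_METHODS = {"DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT"}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and #/! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def split_csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_cors(text):
    """Return review findings for the cors.* properties in a properties file."""
    props = parse_properties(text)
    if props.get("cors.enabled", "").lower() != "true":
        return []  # CORS is disabled by default, nothing to review
    findings = []
    creds = props.get("cors.support.credentials", "").lower() == "true"
    # Assumption: several origins are written as a comma-separated list.
    origins = split_csv(props.get("cors.allowed.origins", ""))
    if not origins:
        findings.append("no allowed origins: every cross-origin client is refused")
    for origin in origins:
        url = urlsplit(origin)
        if origin == "*":
            note = " while credentials are allowed" if creds else ""
            findings.append("wildcard origin permits any site" + note)
        elif url.scheme not in ("http", "https") or not url.netloc or url.path or url.query:
            findings.append(f"{origin}: not of the form scheme://host[:port]")
        elif url.scheme == "http" and creds:
            findings.append(f"{origin}: plain http origin while credentials are allowed")
    for method in split_csv(props.get("cors.allowed.methods", "")):
        if method.upper() not in DOCUMENTED_METHODS:
            findings.append(f"{method}: not a method listed for cors.allowed.methods")
    return findings

# Constructed input: the cors.* lines from the example configuration above.
SAMPLE = """cors.enabled=true
cors.allowed.origins=http://alfresco.com:8080
cors.allowed.methods=GET,POST,PUT
cors.support.credentials=true
"""

if __name__ == "__main__":
    for finding in audit_cors(SAMPLE):
        print(finding)
```

An origin written with a trailing slash or path is reported because the Origin header a browser sends carries only scheme, host and port, so such a value would never match.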