Configure Cross-Origin Resource Sharing - ALE Learnset Manager - 23.1 - 23.1 - Brainware - external

ALE Learnset Manager Installation and Upgrade Guide

ALE Learnset Manager

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain or port) other than its own from which a browser should load resources. CORS also relies on a mechanism by which browsers make a preflight request to the server hosting the cross-origin resource, to check if the server permits the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers to be used in the actual request.

The following headers are used:

  • Access-Control-Allow-Origin: This specifies either a single origin which tells browsers to allow that origin to access the resource or else the (*) wildcard tells browsers to allow any origin to access the resource. By default, Access-Control-Allow-Origin is set as a * wildcard.
  • Access-Control-Allow-Headers: This header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request. By default, Access-Control-Allow-Headers is set as origin,content-type,accept,authorization.
  • Access-Control-Allow-Methods: This response header specifies one or more methods allowed when accessing a resource in response to a preflight request. By default, Access-Control-Allow-Methods is set for GET, POST, PUT, DELETE, OPTIONS, HEAD.
  • Access-Control-Max-Age: This header indicates how long the results of a preflight request can be cached. By default, Access-Control-Max-Age is set as 600 and unit is considered as seconds.

To configure the CORS Access-Control features in ALM, complete the following steps:

  1. Stop the Apache Tomcat service.
  2. Navigate to the <Server directory>\ALM\WEB-INF\conf folder.
  3. Open alm-tomcat.xml.
  4. Search for CorsFilter as a class.
  5. Verify the values for the following Access-Controls:
    • property name = ‘allowOrigin’ refers ‘Access-Control-Allow-Origin’ and its corresponding value.
    • property name = ‘allowHeaders’ refers ‘Access-Control-Allow-Headers’ and its corresponding value.
    • property name = ‘allowMethods’ refers ‘Access-Control-Allow-Methods’ and its corresponding value.
    • property name = ‘allowMaxAge’ refers ‘Access-Control-Max-Age’ and its corresponding value.
  6. Change the CORS Access-Control value(s), as required.
  7. Save alm-tomcat.xml.
  8. Restart Tomcat server.