
Enhanced Cross Origin Resource Sharing Configuration

Enhanced Cross Origin Resource Sharing Configuration adds new options for HCL Digital Experience administrators to configure CORS using a WP configuration service in the IBM WebSphere Application Server resource environment provider. This new configuration option is supported with HCL DX 9.5 Container Update CF195 and higher, and HCL DX CF196 and higher for customers deploying to on-premises platforms.

Introduction

CORS stands for Cross Origin Resource Sharing and describes a pattern for sharing data between different source origins for JavaScript. There is high demand within the web community to mash up services and combine them in a common UI. Before CORS, web browsers did not allow requests to be sent to systems across origin borders. CORS changes this paradigm and pushes the responsibility for such verification to the web server. To support this, the server side needs to determine whether an incoming request is trusted and should be processed, or whether it should be blocked.

How to work with CORS in HCL DX

It is possible to control which origins can work with an instance of HCL Digital Experience core Portal and Web Content services. By default, DX only grants JavaScript of the same origin access to functions of the DX server. You can modify this default by configuring a list of trusted domains inside of DX. Prior to this configuration update, the list of trusted domains had to be defined in the DX web.xml, which added steps to deploy and update.

For the currently supported deployment pattern, refer to the existing technote on the HCL Support Site that presents these steps: DX CORS Headers

This enhancement, available with HCL DX 9.5 Container Update CF195 and higher, enables the configuration to be set inside the WP ConfigService IBM WebSphere Application Server resource environment provider. The change requires a restart of HCL DX Core.

Sample

The sample below shows how to define the properties for two entries.

com.ibm.portal.cors.domain.0.entry=http://test.hcl.com
com.ibm.portal.cors.domain.0.methods=PUT, GET
com.ibm.portal.cors.domain.0.allowheaders=*
com.ibm.portal.cors.domain.0.exposeheaders=MyHeader
com.ibm.portal.cors.domain.1.entry=http://test2.hcl.com

Configuration explanation

  • com.ibm.portal.cors.domain.number.maxage

    Defines the max age for the granted permission. Default value is 1000.

  • com.ibm.portal.cors.domain.number.methods

    Defines the methods allowed for this domain. Default is GET, OPTIONS.

  • com.ibm.portal.cors.domain.number.allowheaders

    Headers to allow.

  • com.ibm.portal.cors.domain.number.exposeheaders

    Headers to expose.
