Hi,
How to turn on Cross-Origin Resource Sharing (CORS) response headers to Camunda REST engine in wildfly distribution to be able to make ajax requests from standalone javascript application?
thanks ![]()
Hi,
How to turn on Cross-Origin Resource Sharing (CORS) response headers to Camunda REST engine in wildfly distribution to be able to make ajax requests from standalone javascript application?
thanks ![]()
Hi Lucian.
One possibility is to add CORS header server wide in the WildFly standalone.xml. A working example I have locally on WildFly 10 looks like this:
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<filter-ref name="Access-Control-Allow-Origin"/>
<filter-ref name="Access-Control-Allow-Methods"/>
<filter-ref name="Access-Control-Allow-Headers"/>
<filter-ref name="Access-Control-Allow-Credentials"/>
<filter-ref name="Access-Control-Max-Age"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="*"/>
<response-header name="Access-Control-Allow-Methods" header-name="Access-Control-Allow-Methods" header-value="GET, POST, OPTIONS, PUT"/>
<response-header name="Access-Control-Allow-Headers" header-name="Access-Control-Allow-Headers" header-value="accept, authorization, content-type, x-requested-with"/>
<response-header name="Access-Control-Allow-Credentials" header-name="Access-Control-Allow-Credentials" header-value="true"/>
<response-header name="Access-Control-Max-Age" header-name="Access-Control-Max-Age" header-value="1"/>
</filters>
</subsystem>
Hope that helps
Cheers
Bernd
This worked for me. Thanks!
Worked for me too, Thanks!
header-name=âAccess-Control-Allow-Originâ header-value=â*â
Unfortunately this is no longer sufficient. We need the actual origin value here. Wildcards are not allowed.
When responding to a credentialed request, the server must specify an origin in the value of the Access-Control-Allow-Origin header, instead of specifying the â*â wildcard.
Any ideas on how to do this dynamically? And no, a servlet filter does not work.
Do you need put specifically value:
<response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="YOUR DOMAIN HERE"/>
Awesome, Itâs worked for me also.
If you are facing with below error, the wildcard option may not work.
Response to preflight request doesnât pass access control check: The value of the âAccess-Control-Allow-Originâ header in the response must not be the wildcard â*â when the requestâs credentials mode is âincludeâ
Then below settings worked for me, Wildfly 11.0
<filter-ref name="Access-Control-Allow-Origin"/>
<filter-ref name="Access-Control-Allow-Credentials"/>
<filter-ref name="Access-Control-Allow-Headers"/>
<response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="http://127.0.0.1:7000"/>
<response-header name="Access-Control-Allow-Credentials" header-name="Access-Control-Allow-Credentials" header-value="true"/>
<response-header name="Access-Control-Allow-Headers" header-name="Access-Control-Allow-Headers" header-value="accept, authorization, content-type, x-requested-with"/>