How enable cross origin auth settion for camunda engien-rest application?


I’d like to configure cross-origin session or header allowance for the Camunda engine-rest application. Specifically, I need to authenticate against engine-rest from outside the running Camunda instance.

When running an Apache Tomcat Camunda instance, the default login page of the Camunda frontend sends a request (to the local machine where Camunda is running) to http://localhost:8080/camunda/api/admin/auth/user/default/login/tasklist with the username and password as credentials in the payload. In return, it receives a header named XSRF-TOKEN. This header allows us to send requests to the Camunda engine-rest from cross-origin applications.

How can I configure the engine-rest to send back ACCESS-ALLOW-ORIGIN=“my custom origin” and send the header not as HTTP only and with the same site? Any help would be appreciated.