You are here

Working with single page web applications

When calling APIs on the repository directly from the browser, you may run into CSRF and CORS issues.

Configuring CSRF

The Application Development Framework (ADF) documentation contains some information on how to configure CSRF. For more information, see Flag to disable csrf in the core and in the demo shell and Prerequisites for building and running apps with the Alfresco Application Development Framework.

Enable CORS in Alfresco

The web client for ADF will be loaded from a different web server than the on which Alfresco runs. So, the Alfresco server needs to know that any request that comes in from this custom web client should be allowed access to the repository. This is done by enabling cross-origin resource sharing (CORS).

To enable CORS in the Alfresco, do one of the following:

  • Download and install the CORS module
    1. Download the CORS module.
    2. Stop the Alfresco server.
    3. Add the enable CORS platform module JAR to the <ALFRESCO_HOME>/modules/platform directory.
    4. Restart the Alfresco server.
      Note: By default, the CORS filter that is enabled will allow any origin.
  • Manually update the web.xml file
    1. Open <ALFRESCO_HOME>/tomcat/webapps/alfresco/WEB-INF/web.xml.
    2. Uncomment the following section:
      <filter-mapping>
          <filter-name>CORS</filter-name>
          <url-pattern>/api/*</url-pattern>
          <url-pattern>/service/*</url-pattern>
          <url-pattern>/s/*</url-pattern>
          <url-pattern>/cmisbrowser/*</url-pattern>
      </filter-mapping>
    3. Update cors.allowOrigin URL to http://localhost:3000. Make sure to use the URL that will be used by the web client.

Sending feedback to the Alfresco documentation team

You don't appear to have JavaScript enabled in your browser. With JavaScript enabled, you can provide feedback to us using our simple form. Here are some instructions on how to enable JavaScript in your web browser.