If CORS is enabled then CORS requests can be made to all endpoints under /alfresco
Use the following properties to configure CORS:
|cors.allowed.origins||Set the hosts allowed in cross origin requests.
By default, the value is empty, which forbids clients hosted on any server to access the resources.
You can specify a host, for example, http://www.example.org:8080, which will only allow requests from this host.
A * value permits all clients hosted on any server to access the resources.
It is recommended to restrict this setting to origins within your organization.
|cors.allowed.methods||Set which HTTP requests are permitted. Possible values should be comma separated
|cors.allowed.headers||Set which headers are permitted in request headers, manually or programmatically in
addition to the ones set by the user agent. Values should be comma separated and include:
|cors.exposed.headers||Set which headers are whitelisted for the client to access from the server.|
|cors.support.credentials||Set whether HTTP cookie and HTTP authentication-based credentials are allowed.
This is a boolean value.
|cors.preflight.maxage||Set the maximum time for caching a preflight request.
Preflighted requests use the OPTIONS method to verify resource availability and then request it.
This property is expressed in minutes.
The following is an example configuration for the alfresco-global.properties file:
cors.enabled=true cors.allowed.origins=http://alfresco.com:8080 cors.allowed.methods=GET,POST,PUT cors.allowed.headers=Authorization,Content-Type,Cache-Control,X-Requested-With,X-CSRF-Token cors.exposed.headers=Access-Control-Allow-Origin,Access-Control-Allow-Credentials cors.support.credentials=true cors.preflight.maxage=10