How do I configure a CORS filter in IG 6.x?
The purpose of this article is to provide assistance on configuring a Cross-origin resource sharing (CORS) filter in IG.
Overview
IG 7 introduces a CorsFilter, which is available to configure policies for CORS to allow requests to be made across domains from user agents. See CorsFilter for further information.
In earlier versions, you must configure CORS in the web application container. See the Configuring a CORS filter section for further information.
Configuring a CORS filter
You can configure a CORS filter using any of the web container-level instructions as follows:
- Apache Tomcat™ - add a filter based on the org.apache.catalina.filters.CorsFilter filter class to the web.xml file (located in the /path/to/tomcat/conf/ directory). See Apache Tomcat - CORS Filter for further information.
- Jetty® - add a filter based on the org.eclipse.jetty.servlets.CrossOriginFilter class to the webdefault.xml file (located in the /path/to/jetty/etc/ directory). See Jetty - Cross Origin Filter for further information.
- JBoss® - See Enabling Cross-Origin Resource Sharing (CORS) in JBoss EAP 7 management interface for further information.
For example, a CORS filter in Tomcat would look similar to this:
<filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,PUT,DELETE,PATCH,OPTIONS,HEAD</param-value> </init-param> <init-param> <param-name>cors.allowed.headers</param-name> <param-value>Authorization,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-OpenAM-Username,X-OpenAM-Password,iPlanetDirectoryPro,Accept-API-Version,If-Match,If-None-Match,Accept-Encoding,Accept-Language,Cache-Control,Connection</param-value> </init-param> <init-param> <param-name>cors.exposed.headers</param-name> <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value> </init-param> <init-param> <param-name>cors.support.credentials</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>If you need IG to add the appropriate headers to CORS requests, you can use a CORS filter as described here: Setting Up IG As an UMA Resource Server. The CORS filter handles pre-flight (HTTP OPTIONS) requests and responses for all HTTP operations, and adds the appropriate headers to CORS requests.
See Also
How do I troubleshoot issues with CORS in AM (All versions)?
SameSite cookie support in AM and IG
Related Training
N/A
Related Issue Tracker IDs
N/A