Configuring Cross-Origin Resource Sharing (CORS) Whitelist
Configuring Cross-Origin Resource Sharing (CORS) Whitelist for IBM Connections™.
About this task
Before you begin, verify Cross-Origin Resource Sharing.
Update the Connections Trusted Websites List
Procedure
- To allow the file picker code to be downloaded from the integration service and still access the Files APIs to retrieve information about a user's files, the domain of the integration service must be allowed in the CORS.Trusted.WebSites list.
- Edit the LotusConnections-config.xml file, which can be found in the LotusConnections-config directory beneath the WAS cell configuration. For example, at /opt/IBM/WebSphere/AppServer/profiles/profileName/config/cells/cellName/LotusConnections-config/LotusConnections-config.xml.
- Locate the CORS.Trusted.WebSites property and add the apps.na.collaberserv.com host into the list, taking care not to disturb any entries that might already exist.
  <genericProperty name="CORS.Trusted.Websites">cnx-slack-ui.a3.conncloudk8s.com, cnx-slack-service.a3.conncloudk8s.com</genericProperty>
- If the Connections service is not running in the Network Deployment cells, restart the appropriate WAS node where the configuration was changed.
- If Connections is running in the Network Deployment cells, the configuration must be synchronized across the cluster nodes before they are restarted.
What to do next
- Update the HTTP Server CORS Header Handling
- Edit the httpd.conf file, which can be found in the /opt/IBM/HTTPServer/conf directory. For example, at /opt/IBM/HTTPServer/conf/httpd.conf.
- At the end of the file add a Location stanza for the /oauth2 endpoint and add the following entries:
  <Location /oauth2>
      # Allow CORS related access control headers in requests for /oauth2
      Header unset Access-Control-Allow-Origin
      SetEnvIf Origin "^https://(cnx-slack.*)?(\.conncloudk8s\.com)$" origin_is=$0
      Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is
      Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
      Header always set Access-Control-Max-Age "1000"
      Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, Origin, Authorization, Accept, client-security-token"
      # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
      RewriteEngine On
      RewriteCond %{REQUEST_METHOD} OPTIONS
      RewriteRule ^(.*)$ $1 [R=200,L]
  </Location>
- Once the file has been updated, stop and start the HTTP server. From the /opt/IBM/HTTPServer/bin directory execute the following commands:
  sudo ./apachectl stop
  sudo ./apachectl start
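The SetEnvIf pattern in the /oauth2 stanza decides which Origin values are echoed back in Access-Control-Allow-Origin, so it is worth checking before the server is restarted. The following is an added example, not part of the original procedure: it emulates that match over constructed Origin values and compares it with EXACT_PATTERN, a hypothetical tighter pattern built only from the two hosts shown in the CORS.Trusted.Websites example.

```python
import re

# Pattern copied from the SetEnvIf line in the /oauth2 Location stanza.
PAGE_PATTERN = r"^https://(cnx-slack.*)?(\.conncloudk8s\.com)$"

# Assumption: a tighter alternative built only from the two hosts shown in the
# CORS.Trusted.Websites example; not part of the documented configuration.
EXACT_PATTERN = r"^https://cnx-slack-(ui|service)\.a3\.conncloudk8s\.com$"

# Constructed Origin header values used for the check.
SAMPLE_ORIGINS = [
    "https://cnx-slack-ui.a3.conncloudk8s.com",
    "https://cnx-slack-service.a3.conncloudk8s.com",
    "https://cnx-slack-ui.a3.conncloudk8s.com:8443",         # explicit port
    "http://cnx-slack-ui.a3.conncloudk8s.com",               # plain http
    "https://cnx-slack-other.b7.conncloudk8s.com",           # host not in the list
    "https://.conncloudk8s.com",                             # optional group skipped
    "https://cnx-slack-ui.a3.conncloudk8s.com.example.net",  # suffix appended
    "https://apps.na.collaberserv.com",                      # host named in the text
]


def acao_for(origin, pattern=PAGE_PATTERN):
    """Emulate 'SetEnvIf Origin <pattern> origin_is=$0' followed by
    'Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is'.
    Returns the header value, or None when the header would not be emitted."""
    match = re.search(pattern, origin)
    return match.group(0) if match else None


def compare(origins=SAMPLE_ORIGINS):
    """Return (origin, allowed_by_page_pattern, allowed_by_exact_pattern)."""
    return [
        (o, acao_for(o) is not None, acao_for(o, EXACT_PATTERN) is not None)
        for o in origins
    ]


if __name__ == "__main__":
    for origin, page_ok, exact_ok in compare():
        print(f"{origin:55} page={page_ok!s:5} exact={exact_ok}")
```

The page's pattern reflects any https origin whose host starts with cnx-slack and ends in .conncloudk8s.com, rejects origins that carry a port, and does not match apps.na.collaberserv.com, so that host would need its own SetEnvIf line if it must reach /oauth2.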