配置跨域资源共享 (CORS)
Configure cross-origin resource sharing (CORS) to allow a web application from another origin to access resources on a Domino web server.
About this task
For security reasons, most browsers comply with the same-origin policy rule. This rule restricts a web page loaded from one origin from accessing resources on a different server (or origin). CORS allows you to define exceptions to the same-origin policy. Most browsers support CORS.
- CORS is supported as of Domino 10.0.1 Fix Pack 2.
- CORS is supported on Windows, Linux and IBM AIX. It is not supported on IBM i.
For example, assume a web application loaded from Server A (an Apache server) makes REST API requests to Server B (a Domino server). Configure CORS on Server B to allow a web page loaded from Server A to make REST API requests to Server B.
CORS works for Domino Access Services (DAS) APIs and other kinds of REST APIs hosted on Domino. Indeed, CORS works for any type of Domino HTTP resource.
Complete the following steps to configure CORS on a Domino server.
Procedure
-
To enable CORS:
- If not using internet sites, enable CORS in the
Server document of the Domino server:
- Open the Server document in the Domino directory.
- Select tab.
- In the DSAPI section, add the following value
to the DSAPI filter file
names field:
- (Windows) ncorsext
- (All other platforms) corsext
- If using internet sites, enable CORS in the Internet
site document for sites on which it is wanted:
- Open the Internet site document, then select the configuration tab.
- In the DSAPI section, add the following value
to the DSAPI filter file
names field:
- (Windows) ncorsext
- (All other platforms) corsext
- If not using internet sites, enable CORS in the
Server document of the Domino server:
-
Create a JSON file that defines the origins that can access the Domino server:
Note: If you enabled CORS through an Internet site document, complete this step and the next one on each server that is associated with the Web site.
- Create a new folder, cors, in the ...Domino\data\domino folder on the server.
- Create a new file cors-rules.json in cors folder.
- In cors-rules.json define the origins that the Domino server can access. For details, see CORS JSON configuration.
-
Stop and restart the HTTP server task:
tell http quit load http
Results
HTTP Server: DSAPI CORS Filter Loaded successfully
HTTP Server: Failed to load DSAPI module ncorsext