(Auto-creation of topic Documentation:HTCC:Dep:CORS:8.5.2DRAFT via TOC Documentation:HTCC:DepTOC8.5.2DRAFT) |
|||
| (33 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
| − | = CORS= | + | =CORS filter= |
| + | __NOTOC__ | ||
| + | Web Services supports Cross-Origin Resource Sharing (CORS) filter, which allows applications to request resources from another domain. For general information and background on CORS, see {{#Widget:ExtLink|link=http://en.wikipedia.org/wiki/Cross-origin_resource_sharing|displaytext=Cross-Origin Resource Sharing}}. | ||
| + | |||
| + | {{NoteFormat|CORS must be enabled for the screen recording options to be available in the Speechminer Web UI when the using Microsoft Internet Explorer web browser.}} | ||
| + | |||
| + | To set up Cross-Origin Resource Sharing, make sure you set the [[HTCCConfigurationOptionsReference#crossOriginSettings|crossOriginSettings]] option in the serverSettings section of the '''application.yaml''' file on each of your Web Services nodes ('''server-settings.yaml''' if you're installing Web Services and Applications version 8.5.201.09 or earlier). It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the '''exposedHeaders''' setting with a value that includes <tt>X-CSRF-HEADER,X-CSRF-TOKEN</tt>. | ||
| + | |||
| + | For example, your configuration might look like this: | ||
| + | <source lang="text"> | ||
| + | crossOriginSettings: | ||
| + | corsFilterCacheTimeToLive: 120 | ||
| + | allowedOrigins: http://*.genesys.com, http://*.genesyslab.com | ||
| + | allowedMethods: GET,POST,PUT,DELETE,OPTIONS | ||
| + | allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN" | ||
| + | allowCredentials: true | ||
| + | exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN" | ||
| + | </source> | ||
| + | |||
| + | For more information about CORS in the Web Services API, see [[Documentation:HTCC:API:CORS|Cross-Origin Resource Sharing]]. | ||
| + | |||
| + | ==Next step== | ||
| + | *[[Security|Back to Configuring security]] | ||
[[Category:V:HTCC:8.5.2DRAFT]] | [[Category:V:HTCC:8.5.2DRAFT]] | ||
Latest revision as of 07:04, November 2, 2021
CORS filter
Web Services supports Cross-Origin Resource Sharing (CORS) filter, which allows applications to request resources from another domain. For general information and background on CORS, see Cross-Origin Resource Sharing.
To set up Cross-Origin Resource Sharing, make sure you set the crossOriginSettings option in the serverSettings section of the application.yaml file on each of your Web Services nodes (server-settings.yaml if you're installing Web Services and Applications version 8.5.201.09 or earlier). It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the exposedHeaders setting with a value that includes X-CSRF-HEADER,X-CSRF-TOKEN.
For example, your configuration might look like this:
crossOriginSettings:
corsFilterCacheTimeToLive: 120
allowedOrigins: http://*.genesys.com, http://*.genesyslab.com
allowedMethods: GET,POST,PUT,DELETE,OPTIONS
allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
allowCredentials: true
exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"For more information about CORS in the Web Services API, see Cross-Origin Resource Sharing.