(31 intermediate revisions by 4 users not shown)
Line 1: Line 1:
=Cross Domain (CORS) Filter=
+
=CORS filter=
This is part of the [[Deploy|Deployment Guide]] for the [[Welcome|Genesys Web Services]].
 
 
 
 
__NOTOC__
 
__NOTOC__
==Overview==
+
Web Services supports Cross-Origin Resource Sharing (CORS) filter, which allows applications to request resources from another domain. For general information and background on CORS, see {{#Widget:ExtLink|link=http://en.wikipedia.org/wiki/Cross-origin_resource_sharing|displaytext=Cross-Origin Resource Sharing}}.
GWS Supports CORS Filter which allows applications to requested resources from another domain. For more information on CORS Filter, please refer to [http://en.wikipedia.org/wiki/Cross-origin_resource_sharing http://en.wikipedia.org/wiki/Cross-origin_resource_sharing].
 
  
==Configuration==
+
{{NoteFormat|CORS must be enabled for the screen recording options to be available in the Speechminer Web UI when the using Microsoft Internet Explorer web browser.}}
GWS provides configurations options for CORS Filter which includes system wide configuration applying to all contact centers. Also each contact center can provisioning its allowOrigions.
 
  
==Operations==
+
To set up Cross-Origin Resource Sharing, make sure you set the [[HTCCConfigurationOptionsReference#crossOriginSettings|crossOriginSettings]] option in the serverSettings section of the '''application.yaml''' file on each of your Web Services nodes ('''server-settings.yaml''' if you're installing Web Services and Applications version 8.5.201.09 or earlier). It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the '''exposedHeaders''' setting with a value that includes <tt>X-CSRF-HEADER,X-CSRF-TOKEN</tt>.
The following operations are available for this group:
 
{|
 
! Operation
 
! Description
 
! Permissions
 
|-
 
| GET
 
| Retrieves an array of settings
 
| Contact Center Admin
 
|-
 
| POST
 
| Creates a new setting in this group. "allowedOrigins" is the only valid setting.
 
| Contact Center Admin
 
|-
 
| PUT
 
| Updates a setting.
 
| Contact Center Admin
 
|-
 
| DELETE
 
| Removes a setting.
 
| Contact Center Admin
 
|}
 
  
==Parameters==
+
For example, your configuration might look like this:  
Edit the <tt>server-settings.yaml</tt> file and define the following parameters under <tt>crossOriginSettings</tt>:
+
<source lang="text">
 
 
{|
 
! Name
 
! Type
 
! Description
 
! Required
 
|-
 
| allowedOrigins
 
| String
 
| String of allowed origins supported by this node. e.g. http://*.genesys.com, http://*.genesyslab.com
 
Default  value: empty
 
| N
 
|-
 
| allowedMethods
 
| String
 
| HTTP methods supported by the server.
 
| default to GET,POST,PUT,DELETE,OPTIONS
 
| N
 
|-
 
| allowedHeaders
 
| String
 
| Access-Control-Allow-Headers header as part of the response to a preflight request which specifies which header field names can be used during the actual request.
 
Default to:
 
X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId
 
| N
 
|-
 
| allowCredentials
 
| String
 
| Value of the Access-Control-Allow-Credentials header which indicates whether the response to request can be exposed when the omit credentials flag is unset.
 
| default to true
 
| N
 
|-
 
| corsFilterCacheTimeToLive
 
| Number
 
| Values of delay after contact center <tt>allowDomain</tt> updating takes effect.
 
default to 120
 
| N
 
|}
 
 
 
'''Example'''
 
<pre>
 
 
crossOriginSettings:
 
crossOriginSettings:
 
     corsFilterCacheTimeToLive: 120
 
     corsFilterCacheTimeToLive: 120
     allowedOrigins: http://*.google.com, http://*.gmail.com
+
     allowedOrigins: http://*.genesys.com, http://*.genesyslab.com
 
     allowedMethods: GET,POST,PUT,DELETE,OPTIONS
 
     allowedMethods: GET,POST,PUT,DELETE,OPTIONS
     allowedHeaders: "X-Requested-With,Content-Type,Accept,​Origin,Cookie,authorization,ssid,surl,​ContactCenterId"
+
     allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
 
     allowCredentials: true
 
     allowCredentials: true
</pre>
+
    exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"
 
+
</source>
===Contact Center Allow Domain Settings===
 
Each contact center can define their own allow origin list through GWS access control settings.
 
GWS will filter incoming request by merging global <tt>allowOrigins</tt> and contact center access control settings by using an <tt>Admin</tt> account.
 
 
 
Here is an example of how to setup access-control for contact center:
 
* To Create the access-control, use POST
 
* To Update the access-control, use PUT
 
 
 
<pre>
 
POST or PUT /api/v2/settings/access-control
 
{
 
  “name”:”allowedOrigins”,
 
  “value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com", "https://*.genesys.com"]
 
}
 
</pre>
 
 
 
or through ops account:
 
 
 
<pre>
 
POST or PUT /api/v2/ops/contact-centers/<contact-center-id>/settings/access-control
 
{
 
  “name”:”allowedOrigins”,
 
  “value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com", "https://*.genesys.com"]
 
}
 
</pre>
 
 
 
  
==Access Control==
+
For more information about CORS in the Web Services API, see [[Documentation:HTCC:API:CORS|Cross-Origin Resource Sharing]].
  
 +
==Next step==
 +
*[[Security|Back to Configuring security]]
  
 
[[Category:V:HTCC:8.5.2DRAFT]]
 
[[Category:V:HTCC:8.5.2DRAFT]]
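
Review bot: in the example block of the new revision, allowedOrigins still lists cleartext origins (http://*.genesys.com, http://*.genesyslab.com) while allowCredentials: true is kept, so the sample shows credentialed cross-origin access being granted to http origins; the removed per-contact-center examples used https (https://*.genesys.com), and the sample should do the same. The added NoteFormat line reads "when the using Microsoft Internet Explorer web browser", which should be "when using the Microsoft Internet Explorer web browser". The revision also drops the Parameters table, and exposedHeaders is described only in the added setup paragraph, so please confirm that the linked crossOriginSettings option reference carries the defaults for allowedMethods, allowedHeaders, allowCredentials and corsFilterCacheTimeToLive.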

Latest revision as of 07:04, November 2, 2021

CORS filter

Web Services supports a Cross-Origin Resource Sharing (CORS) filter, which allows applications to request resources from another domain. For general information and background on CORS, see Cross-Origin Resource Sharing.

Important
CORS must be enabled for the screen recording options to be available in the Speechminer Web UI when using the Microsoft Internet Explorer web browser.

To set up Cross-Origin Resource Sharing, make sure you set the crossOriginSettings option in the serverSettings section of the application.yaml file on each of your Web Services nodes (server-settings.yaml if you're installing Web Services and Applications version 8.5.201.09 or earlier). It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the exposedHeaders setting with a value that includes X-CSRF-HEADER,X-CSRF-TOKEN.

For example, your configuration might look like this:

crossOriginSettings:
    corsFilterCacheTimeToLive: 120
    allowedOrigins: http://*.genesys.com, http://*.genesyslab.com
    allowedMethods: GET,POST,PUT,DELETE,OPTIONS
    allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
    allowCredentials: true
    exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"
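
One way to check a node's crossOriginSettings block against the exposedHeaders requirement above, as an added example that is not part of the Genesys documentation or product. The hand-rolled parser, the function names and the SAMPLE text (constructed from this page's example) are assumptions, and the cleartext-origin and bare-wildcard checks are extra hardening checks rather than requirements stated on this page.

```python
# Added example: lint a crossOriginSettings block from application.yaml.
# SAMPLE is constructed from the example configuration on this page.
SAMPLE = """\
crossOriginSettings:
    corsFilterCacheTimeToLive: 120
    allowedOrigins: http://*.genesys.com, http://*.genesyslab.com
    allowedMethods: GET,POST,PUT,DELETE,OPTIONS
    allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
    allowCredentials: true
    exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"
"""

REQUIRED_EXPOSED = {"x-csrf-header", "x-csrf-token"}  # values this page requires


def parse_cross_origin(text):
    """Collect the key: value pairs nested under crossOriginSettings."""
    settings, block_indent = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip())
        if raw.strip() == "crossOriginSettings:":
            block_indent = indent            # works at top level or under serverSettings
        elif block_indent is not None and indent <= block_indent:
            block_indent = None              # a sibling or parent key ends the block
        elif block_indent is not None:
            key, _, value = raw.strip().partition(":")   # first colon only
            settings[key.strip()] = value.strip().strip("\"'")
    return settings


def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def lint(settings):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    exposed = {h.lower() for h in split_list(settings.get("exposedHeaders", ""))}
    for header in sorted(REQUIRED_EXPOSED - exposed):
        findings.append(f"exposedHeaders is missing {header.upper()}")
    credentials = settings.get("allowCredentials", "").lower() == "true"
    for origin in split_list(settings.get("allowedOrigins", "")):
        if origin == "*":
            findings.append("allowedOrigins contains a bare '*'")
        elif credentials and origin.lower().startswith("http://"):
            findings.append(f"credentialed CORS allowed for cleartext origin {origin}")
    return findings
```

Running lint(parse_cross_origin(SAMPLE)) on the page's sample passes the exposedHeaders check and reports the two http:// origins, because allowCredentials is true.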

For more information about CORS in the Web Services API, see Cross-Origin Resource Sharing.
