Jump to: navigation, search
 
(10 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
=CORS filter=
 
=CORS filter=
__TOC__
+
__NOTOC__
==Overview==
+
Web Services supports Cross-Origin Resource Sharing (CORS) filter, which allows applications to request resources from another domain. For general information and background on CORS, see {{#Widget:ExtLink|link=http://en.wikipedia.org/wiki/Cross-origin_resource_sharing|displaytext=Cross-Origin Resource Sharing}}.
Web Services supports Cross Domain (CORS) filter, which allows applications to requested resources from another domain.  
 
For more information on CORS, refer to {{#Widget:ExtLink|link=http://en.wikipedia.org/wiki/Cross-origin_resource_sharing|displaytext=Cross-origin resource sharing}}.
 
  
==Configuration==
+
{{NoteFormat|CORS must be enabled for the screen recording options to be available in the Speechminer Web UI when the using Microsoft Internet Explorer web browser.}}
Web Services provides configuration options for CORS Filter which includes system wide configuration applying to all contact centers. Each contact center can also provision its <tt>allowOrigins</tt>.
 
  
==Parameters==
+
To set up Cross-Origin Resource Sharing, make sure you set the [[HTCCConfigurationOptionsReference#crossOriginSettings|crossOriginSettings]] option in the serverSettings section of the '''application.yaml''' file on each of your Web Services nodes ('''server-settings.yaml''' if you're installing Web Services and Applications version 8.5.201.09 or earlier). It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the '''exposedHeaders''' setting with a value that includes <tt>X-CSRF-HEADER,X-CSRF-TOKEN</tt>.
Edit the <tt>server-settings.yaml</tt> file and define the following parameters under <tt>crossOriginSettings</tt>:
 
  
{|
+
For example, your configuration might look like this:  
! Name
+
<source lang="text">
! Type
 
! Description
 
! Default
 
! Required
 
|-
 
| allowedOrigins
 
| String
 
| String of allowed origins supported by this node.
 
For example: <source lang="html4strict">http://*.genesys.com, http://*.genesyslab.com</source>
 
| empty
 
| N
 
|-
 
| allowedMethods
 
| String
 
| HTTP methods supported by the server.
 
| GET,POST,PUT,DELETE,OPTIONS
 
| N
 
|-
 
| allowedHeaders
 
| String
 
| <tt>Access-Control-Allow-Headers</tt> header as part of the response to a pre-flight request which specifies which header field names can be used during the request.
 
| X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN
 
| N
 
|-
 
| allowCredentials
 
| String
 
| Value of the <tt>Access-Control-Allow-Credentials</tt> header. This should typically be left at the default value.
 
| <tt>true</tt>
 
| N
 
|-
 
| corsFilterCacheTimeToLive
 
| Number
 
| Values of delay after contact center <tt>allowDomain</tt> updating takes effect.
 
| 120
 
| N
 
|-
 
| exposedHeaders
 
| String
 
| Configures what custom headers are allowed in cross-origin HTTP responses. This value should not need to be modified from the default.
 
| X-CSRF-HEADER,X-CSRF-TOKEN
 
| N
 
|}
 
 
 
'''Example'''
 
<pre>
 
 
crossOriginSettings:
 
crossOriginSettings:
 
     corsFilterCacheTimeToLive: 120
 
     corsFilterCacheTimeToLive: 120
     allowedOrigins: https://*.salesforce.com, https://*.force.com, http://127.0.0.1:9090
+
     allowedOrigins: http://*.genesys.com, http://*.genesyslab.com
 
     allowedMethods: GET,POST,PUT,DELETE,OPTIONS
 
     allowedMethods: GET,POST,PUT,DELETE,OPTIONS
 
     allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
 
     allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
 
     allowCredentials: true
 
     allowCredentials: true
 
     exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"
 
     exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"
</pre>
+
</source>
  
 +
For more information about CORS in the Web Services API, see [[Documentation:HTCC:API:CORS|Cross-Origin Resource Sharing]].
  
 
==Next step==
 
==Next step==

Latest revision as of 07:04, November 2, 2021

CORS filter

Web Services supports Cross-Origin Resource Sharing (CORS) filter, which allows applications to request resources from another domain. For general information and background on CORS, see Cross-Origin Resource Sharing.

Important
CORS must be enabled for the screen recording options to be available in the Speechminer Web UI when the using Microsoft Internet Explorer web browser.

To set up Cross-Origin Resource Sharing, make sure you set the crossOriginSettings option in the serverSettings section of the application.yaml file on each of your Web Services nodes (server-settings.yaml if you're installing Web Services and Applications version 8.5.201.09 or earlier). It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the exposedHeaders setting with a value that includes X-CSRF-HEADER,X-CSRF-TOKEN.

For example, your configuration might look like this: 

crossOriginSettings:
    corsFilterCacheTimeToLive: 120
    allowedOrigins: http://*.genesys.com, http://*.genesyslab.com
    allowedMethods: GET,POST,PUT,DELETE,OPTIONS
    allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
    allowCredentials: true
    exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"

For more information about CORS in the Web Services API, see Cross-Origin Resource Sharing.

Next step

This page was last edited on November 2, 2021, at 07:04.
Comments or questions about this documentation? Contact us for support!