Jump to: navigation, search
Line 1: Line 1:
 
=Cross Domain (CORS) Filter=
 
=Cross Domain (CORS) Filter=
This is part of the [[Dep|Deployment Guide]] for the [[HTCC|Genesys Web Services]].
+
This is part of the [[Welcome|Deployment Guide]] for the [[Documentation:HTCC|Genesys Web Services]].
  
__NOTOC__
+
__TOC__
 
==Overview==
 
==Overview==
GWS Supports CORS Filter which allows applications to requested resources from another domain. For more information on CORS Filter, please refer to [http://en.wikipedia.org/wiki/Cross-origin_resource_sharing http://en.wikipedia.org/wiki/Cross-origin_resource_sharing].
+
Genesys Web Services supports Cross Domain (CORS) Filter, which allows applications to requested resources from another domain.  
 +
For more information on CORS Filter, please refer to [http://en.wikipedia.org/wiki/Cross-origin_resource_sharing http://en.wikipedia.org/wiki/Cross-origin_resource_sharing].
  
 
==Configuration==
 
==Configuration==
GWS provides configurations options for CORS Filter which includes system wide configuration applying to all contact centers. Also each contact center can provisioning its allowOrigions.
+
Genesys Web Services provides configuration options for CORS Filter which includes system wide configuration applying to all contact centers. Each contact center can also provision its <tt>allowOrigions</tt>.
  
 
==Operations==
 
==Operations==
Line 21: Line 22:
 
|-
 
|-
 
| POST
 
| POST
| Creates a new setting in this group. "allowedOrigins" is the only valid setting.
+
| Creates a new setting in this group. <tt>allowedOrigins</tt> is the only valid setting.
 
| Contact Center Admin
 
| Contact Center Admin
 
|-
 
|-
Line 39: Line 40:
 
! Name
 
! Name
 
! Type
 
! Type
! Description
+
! Description
 +
! Default
 
! Required
 
! Required
 
|-
 
|-
 
| allowedOrigins  
 
| allowedOrigins  
 
| String
 
| String
| String of allowed origins supported by this node. e.g. http://*.genesys.com, http://*.genesyslab.com
+
| String of allowed origins supported by this node.
Default  value: empty
+
For example: http://*.genesys.com, http://*.genesyslab.com
 +
| empty
 
| N
 
| N
 
|-
 
|-
Line 51: Line 54:
 
| String
 
| String
 
| HTTP methods supported by the server.
 
| HTTP methods supported by the server.
| default to GET,POST,PUT,DELETE,OPTIONS
+
| GET,POST,PUT,DELETE,OPTIONS
 
| N
 
| N
 
|-
 
|-
 
| allowedHeaders
 
| allowedHeaders
 
| String
 
| String
| Access-Control-Allow-Headers header as part of the response to a preflight request which specifies which header field names can be used during the actual request.
+
| <tt>Access-Control-Allow-Headers</tt> header as part of the response to a pre-flight request which specifies which header field names can be used during the request.
Default to:
+
| X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId
X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId
 
 
| N
 
| N
 
|-
 
|-
 
| allowCredentials
 
| allowCredentials
 
| String
 
| String
| Value of the Access-Control-Allow-Credentials header which indicates whether the response to request can be exposed when the omit credentials flag is unset.  
+
| Value of the <tt>Access-Control-Allow-Credentials</tt> header which indicates whether the response to the request can be exposed when the {{Editgrn_open}}omit credentials{{Editgrn_close}} flag is unset.  
| default to true
+
| <tt>true</tt>
 
| N
 
| N
 
|-
 
|-
Line 70: Line 72:
 
| Number
 
| Number
 
| Values of delay after contact center <tt>allowDomain</tt> updating takes effect.
 
| Values of delay after contact center <tt>allowDomain</tt> updating takes effect.
default to 120
+
| 120
 
| N
 
| N
 
|}
 
|}
Line 84: Line 86:
 
</pre>
 
</pre>
  
===Contact Center Allow Domain Settings===
+
===Access Control===
Each contact center can define their own allow origin list through GWS access control settings.
+
Each contact center can define their own allow origin list through Genesys Web Services access control settings.
GWS will filter incoming request by merging global <tt>allowOrigins</tt> and contact center access control settings by using an <tt>Admin</tt> account.
+
Genesys Web Services will filter an incoming request by merging global <tt>allowOrigins</tt> and contact center access control settings by using an <tt>Admin</tt> account.
  
 
Here is an example of how to setup access-control for contact center:
 
Here is an example of how to setup access-control for contact center:
* To Create the access-control, use POST
+
* To Create the access-control, use <tt>POST</tt>
* To Update the access-control, use PUT
+
* To Update the access-control, use <tt>PUT</tt>
  
 
<pre>
 
<pre>
Line 110: Line 112:
 
</pre>
 
</pre>
  
 
==Access Control==
 
  
  
 
[[Category:V:HTCC:8.5.2DRAFT]]
 
[[Category:V:HTCC:8.5.2DRAFT]]

Revision as of 17:22, August 11, 2014

Cross Domain (CORS) Filter

This is part of the Deployment Guide for the Genesys Web Services.

Overview

Genesys Web Services supports Cross Domain (CORS) Filter, which allows applications to requested resources from another domain. For more information on CORS Filter, please refer to http://en.wikipedia.org/wiki/Cross-origin_resource_sharing.

Configuration

Genesys Web Services provides configuration options for CORS Filter which includes system wide configuration applying to all contact centers. Each contact center can also provision its allowOrigions.

Operations

The following operations are available for this group:

Operation Description Permissions
GET Retrieves an array of settings Contact Center Admin
POST Creates a new setting in this group. allowedOrigins is the only valid setting. Contact Center Admin
PUT Updates a setting. Contact Center Admin
DELETE Removes a setting. Contact Center Admin

Parameters

Edit the server-settings.yaml file and define the following parameters under crossOriginSettings:

Name Type Description Default Required
allowedOrigins String String of allowed origins supported by this node.

For example: http://*.genesys.com, http://*.genesyslab.com

empty N
allowedMethods String HTTP methods supported by the server. GET,POST,PUT,DELETE,OPTIONS N
allowedHeaders String Access-Control-Allow-Headers header as part of the response to a pre-flight request which specifies which header field names can be used during the request. X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId N
allowCredentials String Value of the Access-Control-Allow-Credentials header which indicates whether the response to the request can be exposed when the omit credentials flag is unset. true N
corsFilterCacheTimeToLive Number Values of delay after contact center allowDomain updating takes effect. 120 N

Example 

crossOriginSettings:
    corsFilterCacheTimeToLive: 120
    allowedOrigins: http://*.google.com, http://*.gmail.com
    allowedMethods: GET,POST,PUT,DELETE,OPTIONS
    allowedHeaders: "X-Requested-With,Content-Type,Accept,​Origin,Cookie,authorization,ssid,surl,​ContactCenterId"
    allowCredentials: true

Access Control

Each contact center can define their own allow origin list through Genesys Web Services access control settings. Genesys Web Services will filter an incoming request by merging global allowOrigins and contact center access control settings by using an Admin account.

Here is an example of how to setup access-control for contact center:

  • To Create the access-control, use POST
  • To Update the access-control, use PUT
 POST or PUT /api/v2/settings/access-control
 { 
   “name”:”allowedOrigins”,
   “value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com", "https://*.genesys.com"]
 }

or through ops account: 

 POST or PUT /api/v2/ops/contact-centers/<contact-center-id>/settings/access-control
 { 
   “name”:”allowedOrigins”,
   “value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com", "https://*.genesys.com"]
 }
Comments or questions about this documentation? Contact us for support!