Line 84: | Line 84: | ||
allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId" | allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId" | ||
allowCredentials: true | allowCredentials: true | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
Revision as of 17:25, August 11, 2014
Cross Domain (CORS) Filter
This is part of the Deployment Guide for the Genesys Web Services.
Overview
Genesys Web Services supports Cross Domain (CORS) Filter, which allows applications to requested resources from another domain. For more information on CORS Filter, please refer to http://en.wikipedia.org/wiki/Cross-origin_resource_sharing.
Configuration
Genesys Web Services provides configuration options for CORS Filter which includes system wide configuration applying to all contact centers. Each contact center can also provision its allowOrigions.
Operations
The following operations are available for this group:
Operation | Description | Permissions |
---|---|---|
GET | Retrieves an array of settings | Contact Center Admin |
POST | Creates a new setting in this group. allowedOrigins is the only valid setting. | Contact Center Admin |
PUT | Updates a setting. | Contact Center Admin |
DELETE | Removes a setting. | Contact Center Admin |
Parameters
Edit the server-settings.yaml file and define the following parameters under crossOriginSettings:
Name | Type | Description | Default | Required |
---|---|---|---|---|
allowedOrigins | String | String of allowed origins supported by this node.
For example: http://*.genesys.com, http://*.genesyslab.com |
empty | N |
allowedMethods | String | HTTP methods supported by the server. | GET,POST,PUT,DELETE,OPTIONS | N |
allowedHeaders | String | Access-Control-Allow-Headers header as part of the response to a pre-flight request which specifies which header field names can be used during the request. | X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId | N |
allowCredentials | String | Value of the Access-Control-Allow-Credentials header which indicates whether the response to the request can be exposed when the omit credentials flag is unset. | true | N |
corsFilterCacheTimeToLive | Number | Values of delay after contact center allowDomain updating takes effect. | 120 | N |
Example
crossOriginSettings: corsFilterCacheTimeToLive: 120 allowedOrigins: http://*.google.com, http://*.gmail.com allowedMethods: GET,POST,PUT,DELETE,OPTIONS allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId" allowCredentials: true
Comments or questions about this documentation? Contact us for support!