Jump to: navigation, search
Line 84: Line 84:
 
     allowedHeaders: "X-Requested-With,Content-Type,Accept,​Origin,Cookie,authorization,ssid,surl,​ContactCenterId"
 
     allowedHeaders: "X-Requested-With,Content-Type,Accept,​Origin,Cookie,authorization,ssid,surl,​ContactCenterId"
 
     allowCredentials: true
 
     allowCredentials: true
</pre>
 
 
==Access Control==
 
Each contact center can define their own allow origin list through Genesys Web Services access control settings.
 
Genesys Web Services will filter an incoming request by merging global <tt>allowOrigins</tt> and contact center access control settings by using an <tt>Admin</tt> account.
 
 
===Example===
 
Here is an example of how to setup access-control for contact center:
 
* To Create the access-control, use <tt>POST</tt>
 
* To Update the access-control, use <tt>PUT</tt>
 
 
<pre>
 
POST or PUT /api/v2/settings/access-control
 
{
 
  “name”:”allowedOrigins”,
 
  “value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com", "https://*.genesys.com"]
 
}
 
</pre>
 
 
or through ops account:
 
 
<pre>
 
POST or PUT /api/v2/ops/contact-centers/<contact-center-id>/settings/access-control
 
{
 
  “name”:”allowedOrigins”,
 
  “value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com", "https://*.genesys.com"]
 
}
 
 
</pre>
 
</pre>
  

Revision as of 17:25, August 11, 2014

Cross Domain (CORS) Filter

This is part of the Deployment Guide for the Genesys Web Services.

Overview

Genesys Web Services supports Cross Domain (CORS) Filter, which allows applications to requested resources from another domain. For more information on CORS Filter, please refer to http://en.wikipedia.org/wiki/Cross-origin_resource_sharing.

Configuration

Genesys Web Services provides configuration options for CORS Filter which includes system wide configuration applying to all contact centers. Each contact center can also provision its allowOrigions.

Operations

The following operations are available for this group:

Operation Description Permissions
GET Retrieves an array of settings Contact Center Admin
POST Creates a new setting in this group. allowedOrigins is the only valid setting. Contact Center Admin
PUT Updates a setting. Contact Center Admin
DELETE Removes a setting. Contact Center Admin

Parameters

Edit the server-settings.yaml file and define the following parameters under crossOriginSettings:

Name Type Description Default Required
allowedOrigins String String of allowed origins supported by this node.

For example: http://*.genesys.com, http://*.genesyslab.com

empty N
allowedMethods String HTTP methods supported by the server. GET,POST,PUT,DELETE,OPTIONS N
allowedHeaders String Access-Control-Allow-Headers header as part of the response to a pre-flight request which specifies which header field names can be used during the request. X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId N
allowCredentials String Value of the Access-Control-Allow-Credentials header which indicates whether the response to the request can be exposed when the omit credentials flag is unset. true N
corsFilterCacheTimeToLive Number Values of delay after contact center allowDomain updating takes effect. 120 N

Example 

crossOriginSettings:
    corsFilterCacheTimeToLive: 120
    allowedOrigins: http://*.google.com, http://*.gmail.com
    allowedMethods: GET,POST,PUT,DELETE,OPTIONS
    allowedHeaders: "X-Requested-With,Content-Type,Accept,​Origin,Cookie,authorization,ssid,surl,​ContactCenterId"
    allowCredentials: true
Comments or questions about this documentation? Contact us for support!