| Line 1: | Line 1: | ||
| − | =CORS | + | =CORS filter= |
__TOC__ | __TOC__ | ||
==Overview== | ==Overview== | ||
Revision as of 17:02, December 9, 2015
CORS filter
Overview
Web Services supports Cross Domain (CORS) filter, which allows applications to requested resources from another domain. For more information on CORS, refer to Cross-origin resource sharing.
Configuration
Web Services provides configuration options for CORS Filter which includes system wide configuration applying to all contact centers. Each contact center can also provision its allowOrigins.
Parameters
Edit the server-settings.yaml file and define the following parameters under crossOriginSettings:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| allowedOrigins | String | String of allowed origins supported by this node.
For example: http://*.genesys.com, http://*.genesyslab.com |
empty | N |
| allowedMethods | String | HTTP methods supported by the server. | GET,POST,PUT,DELETE,OPTIONS | N |
| allowedHeaders | String | Access-Control-Allow-Headers header as part of the response to a pre-flight request which specifies which header field names can be used during the request. | X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN | N |
| allowCredentials | String | Value of the Access-Control-Allow-Credentials header. This should typically be left at the default value. | true | N |
| corsFilterCacheTimeToLive | Number | Values of delay after contact center allowDomain updating takes effect. | 120 | N |
| exposedHeaders | String | Configures what custom headers are allowed in cross-origin HTTP responses. This value should not need to be modified from the default. | X-CSRF-HEADER,X-CSRF-TOKEN | N |
Example
crossOriginSettings:
corsFilterCacheTimeToLive: 120
allowedOrigins: https://*.salesforce.com, https://*.force.com, http://127.0.0.1:9090
allowedMethods: GET,POST,PUT,DELETE,OPTIONS
allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
allowCredentials: true
exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"
Next step
Comments or questions about this documentation? Contact us for support!