Jump to: navigation, search
Line 2: Line 2:
 
__TOC__
 
__TOC__
 
==Overview==
 
==Overview==
Web Services supports Cross Domain (CORS) filter, which allows applications to requested resources from another domain.  
+
Web Services supports Cross-Origin Resource Sharing (CORS), which allows applications to request resources from another domain. For general information and background on CORS, see {{#Widget:ExtLink|link=http://en.wikipedia.org/wiki/Cross-origin_resource_sharing|displaytext=Cross-Origin Resource Sharing}}.
For more information on CORS, refer to {{#Widget:ExtLink|link=http://en.wikipedia.org/wiki/Cross-origin_resource_sharing|displaytext=Cross-origin resource sharing}}.
 
  
==Configuration==
+
To set up Cross-Origin Resource Sharing, make sure you set the [[HTCCConfigurationOptionsReference#crossOriginSettings|crossOriginSettings]] option in the '''server-settings.yaml''' file on each of your Web Services nodes. It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the '''exposedHeaders''' setting with a value that includes <tt>X-CSRF-HEADER,X-CSRF-TOKEN</tt>.
Web Services provides configuration options for CORS Filter which includes system wide configuration applying to all contact centers. Each contact center can also provision its <tt>allowOrigins</tt>.
 
  
==Parameters==
+
For example, your configuration might look like this:  
Edit the <tt>server-settings.yaml</tt> file and define the following parameters under <tt>crossOriginSettings</tt>:
+
<source lang="text">
 
 
{|
 
! Name
 
! Type
 
! Description
 
! Default
 
! Required
 
|-
 
| allowedOrigins
 
| String
 
| String of allowed origins supported by this node.
 
For example: <source lang="html4strict">http://*.genesys.com, http://*.genesyslab.com</source>
 
| empty
 
| N
 
|-
 
| allowedMethods
 
| String
 
| HTTP methods supported by the server.
 
| GET,POST,PUT,DELETE,OPTIONS
 
| N
 
|-
 
| allowedHeaders
 
| String
 
| <tt>Access-Control-Allow-Headers</tt> header as part of the response to a pre-flight request which specifies which header field names can be used during the request.
 
| X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN
 
| N
 
|-
 
| allowCredentials
 
| String
 
| Value of the <tt>Access-Control-Allow-Credentials</tt> header. This should typically be left at the default value.
 
| <tt>true</tt>
 
| N
 
|-
 
| corsFilterCacheTimeToLive
 
| Number
 
| Values of delay after contact center <tt>allowDomain</tt> updating takes effect.
 
| 120
 
| N
 
|-
 
| exposedHeaders
 
| String
 
| Configures what custom headers are allowed in cross-origin HTTP responses. This value should not need to be modified from the default.
 
| X-CSRF-HEADER,X-CSRF-TOKEN
 
| N
 
|}
 
 
 
'''Example'''
 
<pre>
 
 
crossOriginSettings:
 
crossOriginSettings:
 
     corsFilterCacheTimeToLive: 120
 
     corsFilterCacheTimeToLive: 120
     allowedOrigins: https://*.salesforce.com, https://*.force.com, http://127.0.0.1:9090
+
     allowedOrigins: http://*.genesys.com, http://*.genesyslab.com
 
     allowedMethods: GET,POST,PUT,DELETE,OPTIONS
 
     allowedMethods: GET,POST,PUT,DELETE,OPTIONS
 
     allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
 
     allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
 
     allowCredentials: true
 
     allowCredentials: true
 
     exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"
 
     exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"
</pre>
+
</source>
  
 +
For more information about CORS in the Web Services API, see [[Documentation:HTCC:API:CORS|Cross-Origin Resource Sharing]].
  
 
==Next step==
 
==Next step==

Revision as of 13:40, February 1, 2016

CORS filter

Overview

Web Services supports Cross-Origin Resource Sharing (CORS), which allows applications to request resources from another domain. For general information and background on CORS, see Cross-Origin Resource Sharing.

To set up Cross-Origin Resource Sharing, make sure you set the crossOriginSettings option in the server-settings.yaml file on each of your Web Services nodes. It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the exposedHeaders setting with a value that includes X-CSRF-HEADER,X-CSRF-TOKEN.

For example, your configuration might look like this: 

crossOriginSettings:
    corsFilterCacheTimeToLive: 120
    allowedOrigins: http://*.genesys.com, http://*.genesyslab.com
    allowedMethods: GET,POST,PUT,DELETE,OPTIONS
    allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
    allowCredentials: true
    exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"

For more information about CORS in the Web Services API, see Cross-Origin Resource Sharing.

Next step

Comments or questions about this documentation? Contact us for support!