| Line 3: | Line 3: | ||
Web Services supports Cross-Origin Resource Sharing (CORS) filter, which allows applications to request resources from another domain. For general information and background on CORS, see {{#Widget:ExtLink|link=http://en.wikipedia.org/wiki/Cross-origin_resource_sharing|displaytext=Cross-Origin Resource Sharing}}. | Web Services supports Cross-Origin Resource Sharing (CORS) filter, which allows applications to request resources from another domain. For general information and background on CORS, see {{#Widget:ExtLink|link=http://en.wikipedia.org/wiki/Cross-origin_resource_sharing|displaytext=Cross-Origin Resource Sharing}}. | ||
| − | To set up Cross-Origin Resource Sharing, make sure you set the [[HTCCConfigurationOptionsReference#crossOriginSettings|crossOriginSettings]] option in the ''' | + | To set up Cross-Origin Resource Sharing, make sure you set the [[HTCCConfigurationOptionsReference#crossOriginSettings|crossOriginSettings]] option in the serverSettings section of the '''application.yaml''' file on each of your Web Services nodes ('''server-settings.yaml''' if you're installing Web Services and Applications version 8.5.201.09 or earlier). It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the '''exposedHeaders''' setting with a value that includes <tt>X-CSRF-HEADER,X-CSRF-TOKEN</tt>. |
For example, your configuration might look like this: | For example, your configuration might look like this: | ||
Revision as of 17:20, March 8, 2016
CORS filter
Web Services supports Cross-Origin Resource Sharing (CORS) filter, which allows applications to request resources from another domain. For general information and background on CORS, see Cross-Origin Resource Sharing.
To set up Cross-Origin Resource Sharing, make sure you set the crossOriginSettings option in the serverSettings section of the application.yaml file on each of your Web Services nodes (server-settings.yaml if you're installing Web Services and Applications version 8.5.201.09 or earlier). It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the exposedHeaders setting with a value that includes X-CSRF-HEADER,X-CSRF-TOKEN.
For example, your configuration might look like this:
crossOriginSettings:
corsFilterCacheTimeToLive: 120
allowedOrigins: http://*.genesys.com, http://*.genesyslab.com
allowedMethods: GET,POST,PUT,DELETE,OPTIONS
allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
allowCredentials: true
exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"For more information about CORS in the Web Services API, see Cross-Origin Resource Sharing.