| Line 6: | Line 6: | ||
To set up Cross-Origin Resource Sharing, make sure you set the [[HTCCConfigurationOptionsReference#crossOriginSettings|crossOriginSettings]] option in the serverSettings section of the '''application.yaml''' file on each of your Web Services nodes ('''server-settings.yaml''' if you're installing Web Services and Applications version 8.5.201.09 or earlier). It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the '''exposedHeaders''' setting with a value that includes <tt>X-CSRF-HEADER,X-CSRF-TOKEN</tt>. | To set up Cross-Origin Resource Sharing, make sure you set the [[HTCCConfigurationOptionsReference#crossOriginSettings|crossOriginSettings]] option in the serverSettings section of the '''application.yaml''' file on each of your Web Services nodes ('''server-settings.yaml''' if you're installing Web Services and Applications version 8.5.201.09 or earlier). It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the '''exposedHeaders''' setting with a value that includes <tt>X-CSRF-HEADER,X-CSRF-TOKEN</tt>. | ||
| − | |||
| − | |||
For example, your configuration might look like this: | For example, your configuration might look like this: | ||
| Line 24: | Line 22: | ||
==Next step== | ==Next step== | ||
*[[Security|Back to Configuring security]] | *[[Security|Back to Configuring security]] | ||
| − | + | ||
[[Category:V:HTCC:8.5.2DRAFT]] | [[Category:V:HTCC:8.5.2DRAFT]] | ||
Revision as of 12:46, October 25, 2021
CORS filter
Web Services supports Cross-Origin Resource Sharing (CORS) filter, which allows applications to request resources from another domain. For general information and background on CORS, see Cross-Origin Resource Sharing.
To set up Cross-Origin Resource Sharing, make sure you set the crossOriginSettings option in the serverSettings section of the application.yaml file on each of your Web Services nodes (server-settings.yaml if you're installing Web Services and Applications version 8.5.201.09 or earlier). It specifies the configuration for cross-origin resource sharing in Web Services. Make sure this option has the exposedHeaders setting with a value that includes X-CSRF-HEADER,X-CSRF-TOKEN.
For example, your configuration might look like this:
crossOriginSettings:
corsFilterCacheTimeToLive: 120
allowedOrigins: http://*.genesys.com, http://*.genesyslab.com
allowedMethods: GET,POST,PUT,DELETE,OPTIONS
allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId,X-CSRF-TOKEN"
allowCredentials: true
exposedHeaders: "X-CSRF-HEADER,X-CSRF-TOKEN"For more information about CORS in the Web Services API, see Cross-Origin Resource Sharing.