Cross Domain (CORS) Filter
This is part of the Deployment Guide for the Genesys Web Services.
Overview
GWS Supports CORS Filter which allows applications to requested resources from another domain. For more information on CORS Filter, please refer to http://en.wikipedia.org/wiki/Cross-origin_resource_sharing.
Configuration
GWS provides configurations options for CORS Filter which includes system wide configuration applying to all contact centers. Also each contact center can provisioning its allowOrigions.
Operations
The following operations are available for this group:
| Operation | Description | Permissions |
|---|---|---|
| GET | Retrieves an array of settings | Contact Center Admin |
| POST | Creates a new setting in this group. "allowedOrigins" is the only valid setting. | Contact Center Admin |
| PUT | Updates a setting. | Contact Center Admin |
| DELETE | Removes a setting. | Contact Center Admin |
Parameters
Edit the server-settings.yaml file and define the following parameters under crossOriginSettings:
| Name | Type | Description | Required | |
|---|---|---|---|---|
| allowedOrigins | String | String of allowed origins supported by this node. e.g. http://*.genesys.com, http://*.genesyslab.com
Default value: empty |
N | |
| allowedMethods | String | HTTP methods supported by the server. | default to GET,POST,PUT,DELETE,OPTIONS | N |
| allowedHeaders | String | Access-Control-Allow-Headers header as part of the response to a preflight request which specifies which header field names can be used during the actual request.
Default to: X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId |
N | |
| allowCredentials | String | Value of the Access-Control-Allow-Credentials header which indicates whether the response to request can be exposed when the omit credentials flag is unset. | default to true | N |
| corsFilterCacheTimeToLive | Number | Values of delay after contact center allowDomain updating takes effect.
default to 120 |
N |
Example
crossOriginSettings:
corsFilterCacheTimeToLive: 120
allowedOrigins: http://*.google.com, http://*.gmail.com
allowedMethods: GET,POST,PUT,DELETE,OPTIONS
allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId"
allowCredentials: true
Contact Center Allow Domain Settings
Each contact center can define their own allow origin list through GWS access control settings. GWS will filter incoming request by merging global allowOrigins and contact center access control settings by using an Admin account.
Here is an example of how to setup access-control for contact center:
- To Create the access-control, use POST
- To Update the access-control, use PUT
POST or PUT /api/v2/settings/access-control
{
“name”:”allowedOrigins”,
“value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com", "https://*.genesys.com"]
}
or through ops account:
POST or PUT /api/v2/ops/contact-centers/<contact-center-id>/settings/access-control
{
“name”:”allowedOrigins”,
“value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com", "https://*.genesys.com"]
}