Cross Domain (CORS) Filter
This is part of the Deployment Guide for the Genesys Web Services.
Contents
Overview
Genesys Web Services supports Cross Domain (CORS) Filter, which allows applications to requested resources from another domain. For more information on CORS Filter, please refer to http://en.wikipedia.org/wiki/Cross-origin_resource_sharing.
Configuration
Genesys Web Services provides configuration options for CORS Filter which includes system wide configuration applying to all contact centers. Each contact center can also provision its allowOrigions.
Operations
The following operations are available for this group:
| Operation | Description | Permissions |
|---|---|---|
| GET | Retrieves an array of settings | Contact Center Admin |
| POST | Creates a new setting in this group. allowedOrigins is the only valid setting. | Contact Center Admin |
| PUT | Updates a setting. | Contact Center Admin |
| DELETE | Removes a setting. | Contact Center Admin |
Parameters
Edit the server-settings.yaml file and define the following parameters under crossOriginSettings:
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| allowedOrigins | String | String of allowed origins supported by this node.
For example: http://*.genesys.com, http://*.genesyslab.com |
empty | N |
| allowedMethods | String | HTTP methods supported by the server. | GET,POST,PUT,DELETE,OPTIONS | N |
| allowedHeaders | String | Access-Control-Allow-Headers header as part of the response to a pre-flight request which specifies which header field names can be used during the request. | X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId | N |
| allowCredentials | String | Value of the Access-Control-Allow-Credentials header which indicates whether the response to the request can be exposed when the omit credentials flag is unset. | true | N |
| corsFilterCacheTimeToLive | Number | Values of delay after contact center allowDomain updating takes effect. | 120 | N |
Example
crossOriginSettings:
corsFilterCacheTimeToLive: 120
allowedOrigins: http://*.google.com, http://*.gmail.com
allowedMethods: GET,POST,PUT,DELETE,OPTIONS
allowedHeaders: "X-Requested-With,Content-Type,Accept,Origin,Cookie,authorization,ssid,surl,ContactCenterId"
allowCredentials: true
Access Control
Each contact center can define their own allow origin list through Genesys Web Services access control settings. Genesys Web Services will filter an incoming request by merging global allowOrigins and contact center access control settings by using an Admin account.
Example
Here is an example of how to setup access-control for contact center:
- To Create the access-control, use POST
- To Update the access-control, use PUT
POST or PUT /api/v2/settings/access-control
{
“name”:”allowedOrigins”,
“value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com", "https://*.genesys.com"]
}
or through ops account:
POST or PUT /api/v2/ops/contact-centers/<contact-center-id>/settings/access-control
{
“name”:”allowedOrigins”,
“value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com", "https://*.genesys.com"]
}