Configuring Integration Server to Accept CORS Requests
Use the following procedure to configure your Integration Server to accept and process CORS requests.
To enable CORS processing on
Integration Server 1. In the Settings menu of the Navigation panel, click Extended.
2. Click Edit Extended Settings.
3. Type watt.server.cors.enabled=true.
4. Specify the URIs from which Integration Server is to allow cross-origin requests to access resources by doing one of the following:
To specify the URIs as the value of watt.server.cors.allowedOrigin, do the following:
watt.server.cors.allowedOrigins=<protocol>://<hostname>
or
watt.server.cors.allowedOrigins=<protocol>://<hostname>:<port>
Where <protocol> is either HTTP or HTTPS, <hostname> is the IP address or name of the machine, and <port> is the port number.
Note: The host name and IP address cannot be used interchangeably. If you specify a host name, and a cross-origin request is received that uses the corresponding IP address or vice versa, Integration Server will reject the request.
To specify a text file that contains allow of the allowed URIs, set the value to:
file:path\filename For example: watt.server.cors.allowedOrigins=file:c:\cors\allowedOriginsList.txt
Note: The file must use the same syntax as is required for URIs specified as the value for watt.sever.cors.allowedOrigins with the difference that each line must be an allowed origin server URI or a regular expression.
The values are case-sensitive. Use a space or comma delimiter to specify multiple values. You can use an asterisk (*) to indicate that any URI or origin is allowed. You can also use regular expressions in the comma-separated list of allowed origin servers. For more information about setting the watt.server.cors.allowedOrigins service configuration parameter, see
Server Configuration Parameters.
5. Optionally, set any of the following parameters for CORS processing:
If you want to... | Type... |
Specify values that Integration Server can include with the CORS Access-Control-Expose-Headers header in response to a CORS request. | watt.server.cors.exposedHeaders= <value1,value2,value3>
Where value# is a response header that applications can access. Examine your client-side code to determine which response headers, if any, are retrieved by the client and therefore need to be exposed. |
Specify the host and port on which clients can send cross-origin requests to Integration Server. | watt.server.cors.host=<hostname>:<port> |
Specify the amount of time in seconds a user agent is allowed to cache the results of a preflight request. | watt.server.cors.maxAge= <number of seconds>
|
Have Integration Server set the CORS Access-Control-Allow-Credentials header in response to all CORS requests. | watt.server.cors.supportsCredentials=true |
Specify the request headers Integration Server will allow in cross-origin requests. Integration Server includes these headers as the value of the Access-Control-Allow-Headers response header when replying to a pre-flight request. | watt.server.cors.supportedHeaders= <header1,header2,header3>
Where header# is a header that a client can include in an actual request. Examine your server-side code to determine which request headers, if any, are read by your server application and need to be explicitly allowed. |
Specify the HTTP methods Integration Server will allow in cross-origin requests. | watt.server.cors.supportedMethods= <method1,method2,method3>
Possible values are OPTIONS, HEAD, GET, POST, PUT, PATCH, and DELETE. Integration Server accepts any of these values by default. |
6. Click Save Changes.
7. If you used a text file as the value of watt.server.cors.allowedOrigins, invoke the following URL to execute an internal service that causes the referenced text file to be loaded into Integration Server: http://host:port/invoke/wm.server.admin:refreshAllowedOrigins
Where host and port are the host and port of Integration Server