Integration Server 10.11 | Integration Server Administrator's Guide | Configuring the Server | Using CORS with Integration Server | Configuring Integration Server to Accept CORS Requests
 
Configuring Integration Server to Accept CORS Requests
Use the following procedure to configure your Integration Server to accept and process CORS requests.
*To enable CORS processing on Integration Server
1. Open Integration Server Administrator if it is not already open.
2. Go to Settings > Extended.
3. Click .
4. In the Add extended setting window, enter Key name as watt.server.cors.enabled and Value as true, and click Save.
5. To specify the URIs from which Integration Server must allow cross-origin requests to access resources, repeat steps 3 and 4 to add watt.server.cors.allowedOrigin as the key and specify the value in one of the following ways:
*<protocol>://<hostname> or <protocol>://<hostname>:<port>. Where <protocol> is either HTTP or HTTPS, <hostname> is the IP address or name of the machine, and <port> is the port number.
*A text file that contains the allowed URIs.
For example: file:c:\cors\allowedOriginsList.txt
Note:
The file must use the same syntax as is required for URIs specified as the value for watt.sever.cors.allowedOrigins with the difference that each line must be an allowed origin server URI or a regular expression.
The values are case-sensitive. Use a space or comma delimiter to specify multiple values. You can use an asterisk (*) to indicate that any URI or origin is allowed. You can also use regular expressions in the comma-separated list of allowed origin servers. For more information about setting the watt.server.cors.allowedOrigins service configuration parameter, see Server Configuration Parameters.
6. Optionally, set any of the following parameters for CORS processing:
If you want to...
Type...
Specify values that Integration Server can include with the CORS Access-Control-Expose-Headers header in response to a CORS request.

watt.server.cors.exposedHeaders= <value1,value2,value3>

Where value# is a response header that applications can access. Examine your client-side code to determine which response headers, if any, are retrieved by the client and therefore need to be exposed.
Specify the host and port on which clients can send cross-origin requests to Integration Server.
watt.server.cors.host=<hostname>:<port>
Specify the amount of time in seconds a user agent is allowed to cache the results of a preflight request.

watt.server.cors.maxAge= <number
of seconds>


Have Integration Server set the CORS Access-Control-Allow-Credentials header in response to all CORS requests.
watt.server.cors.supportsCredentials=true
Specify the request headers Integration Server will allow in cross-origin requests. Integration Server includes these headers as the value of the Access-Control-Allow-Headers response header when replying to a pre-flight request.

watt.server.cors.supportedHeaders= <header1,header2,header3>

Where header# is a header that a client can include in an actual request. Examine your server-side code to determine which request headers, if any, are read by your server application and need to be explicitly allowed.
Specify the HTTP methods Integration Server will allow in cross-origin requests.

watt.server.cors.supportedMethods= <method1,method2,method3>

Possible values are OPTIONS, HEAD, GET, POST, PUT, PATCH, and DELETE. Integration Server accepts any of these values by default.
See Server Configuration Parameters for important usage information and detailed descriptions of these parameters.
7. Click Save Changes.
8. If you used a text file as the value of watt.server.cors.allowedOrigins, invoke the following URL to execute an internal service that causes the referenced text file to be loaded into Integration Server: http://host:port/invoke/wm.server.admin:refreshAllowedOrigins
Where host and port are the host and port of Integration Server