Integration Server 10.3 | Integration Server Administrator's Guide | Configuring the Server | Using CORS with Integration Server | Configuring Integration Server to Accept CORS Requests
 
Configuring Integration Server to Accept CORS Requests
Use the following procedure to configure your Integration Server to accept and process CORS requests.
*To enable CORS processing on Integration Server
1. In the Settings menu of the Navigation panel, click Extended.
2. Click Edit Extended Settings.
3. Type watt.server.cors.enabled=true.
4. Specify the URIs from which Integration Server is to allow cross-origin requests to access resources by typing the following:
watt.server.cors.allowedOrigins=<protocol>://<hostname>
or
watt.server.cors.allowedOrigins=<protocol>://<hostname>:<port>
Where <protocol> is either HTTP or HTTPS, <hostname> is the IP address or name of the machine, and <port> is the port number.
Note:
The host name and IP address cannot be used interchangeably. If you specify a host name, and a cross-origin request is received that uses the corresponding IP address or vice versa, Integration Server will reject the request.
The values are case-sensitive. Use a space or comma delimiter to specify multiple values. You can use an asterisk (*) to indicate that any URI or origin is allowed. You can also use regular expressions in the comma-separated list of allowed origin servers. For more information about setting the watt.server.cors.allowedOrigins service configuration parameter, see Server Configuration Parameters.
5. Optionally, set any of the following parameters for CORS processing:
If you want to...
Type...
Specify values that Integration Server can include with the CORS Access-Control-Expose-Headers header in response to a CORS request.

watt.server.cors.exposedHeaders= <value1,value2,value3>

Where value# is a response header that applications can access. Examine your client-side code to determine which response headers, if any, are retrieved by the client and therefore need to be exposed.
Specify the host and port on which clients can send cross-origin requests to Integration Server.
watt.server.cors.host=<hostname>:<port>
Specify the amount of time in seconds a user agent is allowed to cache the results of a preflight request.

watt.server.cors.maxAge= <number
of seconds>


Have Integration Server set the CORS Access-Control-Allow-Credentials header in response to all CORS requests.
watt.server.cors.supportsCredentials=true
Specify the request headers Integration Server will allow in cross-origin requests. Integration Server includes these headers as the value of the Access-Control-Allow-Headers response header when replying to a pre-flight request.

watt.server.cors.supportedHeaders= <header1,header2,header3>

Where header# is a header that a client can include in an actual request. Examine your server-side code to determine which request headers, if any, are read by your server application and need to be explicitly allowed.
Specify the HTTP methods Integration Server will allow in cross-origin requests.

watt.server.cors.supportedMethods= <method1,method2,method3>

Possible values are OPTIONS, HEAD, GET, POST, PUT, PATCH, and DELETE. Integration Server accepts any of these values by default.
See Server Configuration Parameters for important usage information and detailed descriptions of these parameters.
6. Click Save Changes.