1 of 20
2 of 20
3 of 20
4 of 20
5 of 20
6 of 20
7 of 20
8 of 20
9 of 20
10 of 20
11 of 20
12 of 20
13 of 20
14 of 20
15 of 20
16 of 20
17 of 20
18 of 20
19 of 20
20 of 20

doc

Setting up Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS) is a mechanism for using HTTP headers to give access permission to specific resources that are on a different origin server to the document in use.

An example of a cross-origin request is a HTML page provided by domain “A”, which requests a file, such as CSS stylesheet or JavaScript, provided by domain “B”. For security reasons, most browsers prevent cross-origin HTTP requests originated by scripts.

Here are some examples of CORS configurations:

  1. CORS permission for all origins
  2. CORS permission for specific origins

1. CORS permission for all origins

To allow CORS within a configuration, without any restriction on the origin:

  1. Log in to Real-Time Manager (RTM).
  2. Select Products Menu > Edge Application.
  3. Edit the required Edge Application configuration.
  4. In the Rules Engine tab, create a new rule in Response Phase, as in the following example:
Name: CORS
Criteria: if ${uri} starts with /your-uri
Behavior: then Add Response Header Access-Control-Allow-Origin: *

2. CORS permission for specific origins

To enable CORS within a configuration for some specific origin servers, you will need the [Application Acceleration] (/en/documentation/products/edge-application/application-acceleration/) product.

  1. Log in to RTM.
  2. Select Products Menu > Edge Application.
  3. Edit the required Edge Application configuration.
  4. In the Main Settings tab, activate the Application Acceleration switch.
  5. Click the Save button.
  6. In the Rules Engine tab, create a new rule in Response Phase, as in the following example:
Name: CORS
Criteria: if ${http_origin} is equal http://your.domain1.com
or ${http_origin} is equal http://your.domain2.com
or ${http_origin} is equal http://your.domain3.com
Behavior: then Add Response Header Access-Control-Allow-Origin: ${http_origin}

Didn’t find what you were looking for? Open a support ticket.