Setting up Cross-Origin Resource Sharing (CORS)
Cross-Origin Resource Sharing (CORS) is a mechanism for using HTTP headers to give access permission to specific resources that are on a different origin server to the document in use.
An example of a cross-origin request is a HTML page provided by domain “A”, which requests a file, such as CSS stylesheet or JavaScript, provided by domain “B”. For security reasons, most browsers prevent cross-origin HTTP requests originated by scripts.
Here are some examples of CORS configurations:
1. CORS permission for all origins
To allow CORS within a configuration, without any restriction on the origin:
- Log in to Real-Time Manager (RTM).
- Select Products Menu > Edge Application.
- Edit the required Edge Application configuration.
- In the Rules Engine tab, create a new rule in Response Phase, as in the following example:
| Name: | CORS |
|---|---|
| Criteria: | if ${uri} starts with /your-uri |
| Behavior: | then Add Response Header Access-Control-Allow-Origin: * |
2. CORS permission for specific origins
To enable CORS within a configuration for some specific origin servers, you will need the [Application Acceleration] (/en/documentation/products/edge-application/application-acceleration/) product.
- Log in to RTM.
- Select Products Menu > Edge Application.
- Edit the required Edge Application configuration.
- In the Main Settings tab, activate the Application Acceleration switch.
- Click the Save button.
- In the Rules Engine tab, create a new rule in Response Phase, as in the following example:
| Name: | CORS |
|---|---|
| Criteria: | if ${http_origin} is equal http://your.domain1.com or ${http_origin} is equal http://your.domain2.com or ${http_origin} is equal http://your.domain3.com |
| Behavior: | then Add Response Header Access-Control-Allow-Origin: ${http_origin} |
Didn’t find what you were looking for? Open a support ticket.