ShowTable of Contents
What is CORS
More details about CORS can be found here
CORS Wiki CORS W3 Usefull information about CORS (browser support)
How to work with CORS in WebSphere Portal
CORS support has been enabled using a ServletFilter. To modify the configuration you have to modify the web.xml file of the wps.ear. There are multiple documentations on how to export and reimport changes in the web.xml file. You can find information here (L2 information about Ear update or As part of the Theme deployment
As soon as you have downloaded the web.xml file please open it using your favorit editor and search for CSRF Filter.
The default configuration will look like
You can add your trusted origins here using init paramters as shown in the sample below.
Based on the CORS specification the server has to provide grant information. This information is used by the browser to allow the access to the response or reject it. Within the servlet Filter config you can define three different options per trusted domain or use rely on the default.
com.ibm.portal.cors.domain.list : List of trusted domains including trusted protocol and port (e.g http://foo.bar:1023). List is separated by the space character, the tab character, the newline character and the carriage-return character.
com.ibm.portal.cors.domain.fulldomainname.maxage : Defines the max age for the granted permission. Default value is 1000 (e.g. com.ibm.portal.cors.domain.http://foo.bar:1023.maxage)
com.ibm.portal.cors.domain.fulldomainname.methods : Defines the Methods allowed for this Domain. Default is GET, OPTIONS
Use the documentation listed above to upload your changes to the wps.ear and after a restart of WebSphere Portal you will be able to use REST services of WebSphere Portal from a foreign Domain.
Note: The custom property "host.name" of resource environment provider "WP ConfigService" should be set to avoid issues with mixed request for protocols HTTP and HTTPS.