Downloaded 54 times
Uploaded byJared Ottley
CORS - Enable Alfresco for CORS
The document explains Cross-Origin Resource Sharing (CORS), a mechanism that allows web applications to make cross-domain AJAX calls, and outlines the requirements for enabling CORS within Alfresco. It provides details on browser support, configuration steps including adding specific jars and modifying configuration files, and the default settings for the CORS filter. Additionally, it includes links to external resources for further understanding and implementation of CORS.
More Related Content
Similar to CORS - Enable Alfresco for CORS
![Vibe Coding vs. Spec-Driven Development [Free Meetup]](https://cdn.slidesharecdn.com/ss_thumbnails/vibecodingvsspecdrivendevelopment-251209105622-43f455e7-thumbnail.jpg?width=640&height=640&fit=bounds)
CORS - Enable Alfresco for CORS
- 1. CORS 6 Nov 2013/ 14 Nov 2013 Jared Ottley / Alfresco Software #SummitNow
- 2. CORS 6 Nov 2013/ 14 Nov 2013 Jared Ottley / Alfresco Software #SummitNow
- 3. 3 What is CORS? Cross-OriginResource Sharing • Cross Domain AJAX Calls • Implemented in Browser and Server #SummitNow #SummitNow
- 4. 4 What Browsers SupportCORS? 4.0+ 3.5+ 12.0+ 4.0+ Partial 8&9 10+ #SummitNow #SummitNow
- 5. 5 How Does CORSWork? Nothing to implement in your javascript. The Browser & the Server do the heavy lifting. #SummitNow #SummitNow
- 6. 6 How Does CORSWork? OPTIONS Browser API Request #SummitNow #SummitNow
- 7. 7 Example Code $.ajax ({ type:”HTTP METHOD”, url: “Place to go to”, dataType: 'json’, async: false, data: '{}', beforeSend: function (xhr){ xhr.setRequestHeader('Authorization', setAuthTokenHere() }, success: function (response){ //do something }, failure: function (response) { //do something } }); #SummitNow #SummitNow
- 8. 8 What About theServer Side? Alfresco does not ship with CORS support. Alfresco uses CORS as part of “Alfresco for Salesforce” to talk to Alfresco Cloud. #SummitNow #SummitNow
- 9. 9 How to EnableCORS in Alfresco Add the following jars to WEB-INF/lib cors-filter java-property-utils Both can be found at http://software.dzhuvinov.com/cors-filter.html #SummitNow #SummitNow
- 10. 10 How to EnableCORS in Alfresco Modify WEB-INF/web.xml <filter> <filter-name>CORS</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> </filter> <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/service/*</url-pattern> </filter-mapping> #SummitNow #SummitNow
- 11. 11 How to EnableCORS in Alfresco What services will be called by your app? <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/service/*</url-pattern> <url-pattern>/cmisatom/*</url-pattern> <url-pattern>/cmisbrowser/*</url-pattern> </filter-mapping> #SummitNow #SummitNow
- 12. 12 How to EnableCORS in Alfresco OPTIONS Browser Authentication API Request #SummitNow #SummitNow
- 13. 13 How to EnableCORS in Alfresco Filter can be placed anywhere in web.xml However… Filter mapping MUST be before authentication filters #SummitNow #SummitNow
- 14. 14 How to EnableCORS in Alfresco Place after Global Localization Filter but before CMIS security context cleaning filter. • This is true for 4.2…but may not be true for other versions of Alfresco. • By rule BEFORE any security/authentication filters #SummitNow #SummitNow
- 15. 15 Filter Configuration By defaultthe CORS Filter will apply a "public access" CORS policy, allowing all cross-site requests through (including credentials/cookies). Leaving the CORS Filter at this setting would actually be fine for most situations as CORS is not about adding server security; its primary intent is to protect the browser the legitimate JavaScript apps running in it and the user's confidential data, such as cookies. #SummitNow #SummitNow
- 16. 16 Filter Configuration (cont.) cors.configurationFileproperties file Setting the location using • System Property (-D) • init-param Or Individual init-param #SummitNow #SummitNow
- 17. 17 Filter Configuration (cont.) Donot change the following defaults: • cors.allowGenericHttpRequests {true|false} defaults to true • cors.supportsCredentials {true|false} defaults to true. cors.maxAge {int} defaults to -1 (unspecified) • How long should pre-flight requests be cached. • Recommended value is 3600 (1 hour) #SummitNow #SummitNow
- 18. 18 Filter Configuration (cont.) cors.allowOrigin{"*"|origin-list} defaults to * • Which calling domains are allowed? • ex: http://alfresco.com https://www.alfresco.com • Returns 403 if the domain is not allowed #SummitNow #SummitNow
- 19. 19 Filter Configuration (cont.) cors.allowSubdomains{true|false} defaults to false • Your application may run in a hosted service where the subdomain is dynamically assigned ex. salesforce.com • ex. https://na14.salesforce.com #SummitNow #SummitNow
- 20. 20 Filter Configuration (cont.) cors.supportedMethods{method-list} defaults to "GET, POST, HEAD, OPTIONS” cors.supportedHeaders {"*"|header-list} defaults to * • origin, authorization, accept #SummitNow #SummitNow
- 21. 21 Filter Configuration (cont.) cors.exposedHeaders{header-list} defaults to empty list • Response headers limited to: CacheControl, Content-Language, ContentType, Expires, Last-Modified Pragma • Add additional headers to be exposed #SummitNow #SummitNow
- 22.
- 23.
- 24.