Platform Explorer / Nuxeo Platform 2021.7

Extension point corsConfig

Documentation

Add a CORS compliant url's pattern

Mandatory: - name: name of the config - pattern: url pattern to match

Optionnal: - allowGenericHttpRequests: If false, only valid and accepted CORS requests that be allowed (strict CORS filtering). - allowOrigin: Whitespace-separated list of origins that the CORS filter must allow. - allowSubdomains: If true the CORS filter will allow requests from any origin which is a subdomain origin of the allowed origins. - supportedMethods: List of the supported HTTP methods. - supportedHeaders: The names of the supported author request headers. - exposedHeaders: List of the response headers other than simple response headers that the browser should expose to the author of the cross-domain request through the XMLHttpRequest.getResponseHeader() method. - supportsCredentials: Indicates whether user credentials, such as cookies, HTTP authentication or client-side certificates, are supported. - maxAge: Indicates how long the results of a preflight request can be cached by the web browser, in seconds.

Some samples: - Minimal contribution:

    <corsConfig name="minimal">
        <pattern>/nuxeo/site/.*</pattern>
    </corsConfig>

- Contribution with default values:

    <corsConfig allowGenericHttpRequests="true" allowOrigin="*"
        allowSubdomains="false" exposedHeaders="" maxAge="-1"
        name="defaults" supportedHeaders="*"
        supportedMethods="GET, POST, HEAD, OPTIONS" supportsCredentials="true">
        <pattern>/nuxeo/site/.*</pattern>
    </corsConfig>

- Other dummy contribution:

    <corsConfig allowGenericHttpRequests="true"
        allowOrigin="http://example.com http://example.com:8080"
        allowSubdomains="true" exposedHeaders="X-Custom-1, X-Custom-2"
        maxAge="3600" name="dummy"
        supportedHeaders="Content-Type, X-Requested-With"
        supportedMethods="GET" supportsCredentials="false">
        <pattern>/nuxeo/site/.*</pattern>
    </corsConfig>

@since 5.7.2

Contribution Descriptors

  • Class: org.nuxeo.ecm.platform.web.common.requestcontroller.service.NuxeoCorsFilterDescriptor

Contributions

No known contributions.