{"id":16121,"date":"2020-08-08T04:46:25","date_gmt":"2020-08-08T11:46:25","guid":{"rendered":"https:\/\/ephesoft.com\/docs\/?p=16121"},"modified":"2020-10-27T15:36:31","modified_gmt":"2020-10-27T22:36:31","slug":"kb00023267-how-to-enable-cors-in-ephesoft-transact","status":"publish","type":"post","link":"https:\/\/ephesoft.com\/docs\/kb00023267-how-to-enable-cors-in-ephesoft-transact\/","title":{"rendered":"How to Enable CORS in Ephesoft Transact"},"content":{"rendered":"
In this article, you will learn how to enable Cross-origin Resource Sharing (CORS) in Ephesoft Transact. Enabling CORS will resolve Access Control Allow Origin Exception with your web application.<\/span><\/p>\n CORS is a security feature that uses HTTP Headers that can be sent from the web server and interpreted by the browser to allow the browser to decide if it should proceed with a request or not. Part of the CORS mechanism involves the browser making a \u2018preflight\u2019 OPTIONS request to the web server so it can decide if it should send the actual request or not. <\/span><\/p>\n Note: <\/strong>CORS checks are only made for requests that are not categorized as “simple requests” and one of the triggers for requests to our APIs is the inclusion of an “Authorization” header.<\/span><\/p>\n CORS is controlled by the client so any custom code is written in Java for example or any custom requests made in PostMan will not be affected by CORS, however, any custom code that is executed by a modern web browser such as JavaScript will be affected by CORS.<\/span><\/p>\n So in the current Ephesoft Transact configuration, we have two issues:<\/span><\/p>\n Add the following lines to\u00a0web.xml\u00a0<\/strong>file, located at [Ephesoft_Directory]<\/em>\\JavaAppServer\\conf\\.<\/span><\/p>\n Enter the originating server URL in the field <server URL><\/em><\/strong>. For enabling CORS requests from multiple origins, separate each URL with a comma.<\/span><\/p>\n Add the following lines to web.xml <\/strong>file. Do not merge this security restraint with an existing \/rest\/*<\/strong> security restraint in the web.xml<\/strong>.<\/span><\/p>\n In this article, you will learn how to enable Cross-origin Resource Sharing (CORS) in Ephesoft Transact. Enabling CORS will resolve […]<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[636,361],"yoast_head":"\nWhat is CORS?<\/strong><\/span><\/h2>\n
\n
Steps to Enable CORS<\/b><\/span><\/h2>\n
<filter>\r\n\t<filter-name>CorsFilter<\/filter-name>\r\n\t<filter-class><\/span>org.apache.catalina.filters.CorsFilter<\/filter-class><\/span>\r\n\t<init-param>\r\n\t\t<param-name>cors.allowed.origins<\/param-name>\r\n\t\t<param-value><serverURL><\/strong><\/em><\/param-value>\r\n\t<\/init-param>\r\n\t<init-param>\r\n\t\t<param-name>cors.allowed.methods<\/param-name>\r\n\t\t<param-value>GET,POST,HEAD,OPTIONS,PUT<\/param-value>\r\n\t<\/init-param>\r\n\t<init-param>\r\n\t\t<param-name>cors.allowed.headers<\/param-name>\r\n\t\t<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Content-Disposition, Authorization<\/param-value>\r\n\t<\/init-param>\r\n\t<init-param>\r\n\t\t<param-name>cors.exposed.headers<\/param-name>\r\n\t\t<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials<\/param-value>\r\n\t<\/init-param>\r\n\t<init-param>\r\n\t\t<param-name>cors.support.credentials<\/param-name>\r\n\t\t<param-value>true<\/span><\/param-value>\r\n\t<\/init-param>\r\n\t<init-param>\r\n\t\t<param-name>cors.preflight.maxage<\/param-name>\r\n\t\t<param-value>10<\/param-value>\r\n\t<\/init-param>\r\n<\/filter>\r\n\r\n<filter-mapping>\r\n\t<filter-name>CorsFilter<\/filter-name>\r\n\t<url-pattern>\/*<\/url-pattern>\r\n<\/filter-mapping><\/span><\/pre>\n
<security-constraint>\r\n\t<web-resource-collection>\r\n\t\t<web-resource-name>web service<\/web-resource-name>\r\n\t\t<url-pattern>\/rest<\/span>\/*<\/url-pattern>\r\n\t\t<http-method>OPTIONS<\/http-method>\r\n\t<\/web-resource-collection>\r\n<\/security-constraint><\/span><\/pre>\n","protected":false},"excerpt":{"rendered":"