Configuring CORS for IBM WAS Liberty

Configure Cross-Origin Resource Sharing (CORS) for the Liberty profile of IBM WebSphere Application Server (WAS) so that browser scripts served from another origin can call the CLM applications.

About this task


"Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to let a user agent gain permission to access selected resources from a server on a different origin (domain) than the site currently in use. A user agent makes a cross-origin HTTP request when it requests a resource from a different domain, protocol, or port than the one from which the current document originated.

An example of a cross-origin request: An HTML page served from http://domain-a.com makes an <img> src request for http://domain-b.com/image.jpg. Many pages on the web today load resources like CSS stylesheets, images, and scripts from separate domains, such as content delivery networks (CDNs).

For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. For example, XMLHttpRequest and the Fetch API follow the same-origin policy. This means that a web application using those APIs can only request HTTP resources from the same domain the application was loaded from unless CORS headers are used."

Procedure
  1. Consult the official IBM Liberty documentation for the specific version of IBM WAS Liberty in use.
  2. Stop the CLM server.
  3. Edit the <liberty>\conf\server.xml file. Keep the existing feature list and add one <cors> element for each CLM context root:
        <!-- Enable features -->
        <featureManager>
                <feature>monitor-1.0</feature>
                <feature>jsp-2.2</feature>
                <feature>servlet-3.0</feature>
                <feature>ssl-1.0</feature>
                <feature>appSecurity-2.0</feature>
                <feature>adminCenter-1.0</feature>
        </featureManager>

        <!-- Add one stanza like this for each CLM context root.
             domain          : the URL path prefix this policy applies to
             allowedOrigins  : comma-separated list of explicit scheme://host[:port] origins
                               that may call this application
             allowedMethods  : HTTP methods a preflight may request
             allowedHeaders  : request headers a preflight may request
             exposeHeaders   : response headers scripts on the other origin may read
             allowCredentials: whether cookies and Authorization headers are sent
             maxAge          : seconds a browser may cache the preflight result
             Do not combine a wildcard (*) in allowedOrigins with allowCredentials="true":
             the CORS specification forbids credentialed responses with
             Access-Control-Allow-Origin: *, and echoing any origin back instead would let
             every site make authenticated calls to CLM. -->
        <cors domain="/rm"
                allowedOrigins="https://clm.acme.com"
                allowedMethods="OPTIONS, GET, DELETE, POST, PUT, PATCH"
                allowedHeaders="Origin, Authorization, DoorsRP-Request-Type"
                exposeHeaders="WWW-Authenticate, X-jazz-web-oauth-url"
                allowCredentials="true"
                maxAge="3600" />

        <!-- Repeat the stanza above for each CLM application, at least /rm, /ccm, and /gc. -->

  4. Restart the CLM server. Verify the result by sending an OPTIONS preflight to one of the configured paths with an Origin header set to an allowed origin and an Access-Control-Request-Method header; the response must carry Access-Control-Allow-Origin echoing that origin and Access-Control-Allow-Credentials: true. A preflight from an origin that is not listed must receive no Access-Control-Allow-Origin header at all.
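The following is an added example, not IBM's code and not part of the original procedure. It parses <cors> stanzas out of a constructed server.xml, answers a simulated browser preflight for each the way the CORS specification requires (the attribute names are taken from the stanza above; the exact header text Liberty emits is assumed, not copied from the product), and lints for the configuration mistakes a reviewer should reject before the server is restarted. The second stanza in the sample is deliberately weak.

```python
# Added example: offline model of a Liberty <cors> stanza answering a preflight,
# plus a lint for the mistakes that matter most. Not IBM's code; header
# semantics follow the Fetch/CORS specification and the sample XML is constructed.
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample: a sound /rm stanza and a deliberately weak /ccm stanza.
SAMPLE_SERVER_XML = """<server>
  <cors domain="/rm"
        allowedOrigins="https://clm.acme.com"
        allowedMethods="OPTIONS, GET, DELETE, POST, PUT, PATCH"
        allowedHeaders="Origin, Authorization, DoorsRP-Request-Type"
        exposeHeaders="WWW-Authenticate, X-jazz-web-oauth-url"
        allowCredentials="true"
        maxAge="3600" />
  <cors domain="/ccm"
        allowedOrigins="*"
        allowedMethods="GET, POST"
        allowedHeaders="Origin, Authorization"
        allowCredentials="true"
        maxAge="3600" />
</server>"""


def _csv(value):
    """Split a comma-separated attribute value into trimmed, non-empty items."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]


@dataclass
class CorsPolicy:
    domain: str
    allowed_origins: list
    allowed_methods: list
    allowed_headers: list
    expose_headers: list
    allow_credentials: bool
    max_age: int


def load_policies(xml_text):
    """Turn every <cors> element into a CorsPolicy (attribute names as in the stanza above)."""
    root = ET.fromstring(xml_text)
    return [CorsPolicy(
        domain=el.get("domain", "/"),
        allowed_origins=_csv(el.get("allowedOrigins")),
        allowed_methods=[m.upper() for m in _csv(el.get("allowedMethods"))],
        allowed_headers=[h.lower() for h in _csv(el.get("allowedHeaders"))],
        expose_headers=_csv(el.get("exposeHeaders")),
        allow_credentials=el.get("allowCredentials", "false").lower() == "true",
        max_age=int(el.get("maxAge", "0")),
    ) for el in root.iter("cors")]


def find_policy(policies, path):
    """Longest-prefix match of the request path against each stanza's domain."""
    matches = [p for p in policies
               if path == p.domain or path.startswith(p.domain.rstrip("/") + "/")]
    return max(matches, key=lambda p: len(p.domain), default=None)


def preflight(policy, origin, method, request_headers=()):
    """Answer an OPTIONS preflight. Returns response headers, or None when denied."""
    if "*" not in policy.allowed_origins and origin not in policy.allowed_origins:
        return None
    if method.upper() not in policy.allowed_methods:
        return None
    if any(h.lower() not in policy.allowed_headers for h in request_headers):
        return None
    # Browsers refuse "*" on a credentialed response, so a server that allows
    # credentials has to echo the caller's origin; with a wildcard origin list
    # that means echoing any origin at all, which lint() flags below.
    if policy.allow_credentials or "*" not in policy.allowed_origins:
        allow_origin = origin
    else:
        allow_origin = "*"
    headers = {
        "Access-Control-Allow-Origin": allow_origin,
        "Access-Control-Allow-Methods": ", ".join(policy.allowed_methods),
        "Access-Control-Allow-Headers": ", ".join(policy.allowed_headers),
        "Access-Control-Max-Age": str(policy.max_age),
        "Vary": "Origin",  # a per-origin answer must not be cached across origins
    }
    if policy.allow_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def lint(policy):
    """Configuration mistakes to reject before restarting the server."""
    problems = []
    if policy.allow_credentials and "*" in policy.allowed_origins:
        problems.append(f'{policy.domain}: allowedOrigins="*" with allowCredentials="true" '
                        "lets any site make authenticated requests; list explicit origins")
    for o in policy.allowed_origins:
        if o != "*" and not o.startswith("https://"):
            problems.append(f"{policy.domain}: non-HTTPS origin {o}")
    return problems


if __name__ == "__main__":
    for p in load_policies(SAMPLE_SERVER_XML):
        print(p.domain, lint(p) or "ok")
```

Run the script as-is to lint the constructed sample; point load_policies at the contents of the real server.xml to lint a deployment, and use preflight to predict what a given origin, method and header set should receive before testing against the live server.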