Configure CORS for the Liberty Profile of IBM WAS.
"Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to let a user agent gain permission to access selected resources from a server on a different origin (domain) than the site currently in use. A user agent makes a cross-origin HTTP request when it requests a resource from a different domain, protocol, or port than the one from which the current document originated.
An example of a cross-origin request: A HTML page served from http://domain-a.com makes an <img> src request for http://domain-b.com/image.jpg. Many pages on the web today load resources like CSS stylesheets, images, and scripts from separate domains, such as content delivery networks (CDNs).
For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. For example, XMLHttpRequest and the Fetch API follow the same-origin policy. This means that a web application using those APIs can only request HTTP resources from the same domain the application was loaded from unless CORS headers are used."
<!-- Enable features --> <featureManager> <feature>monitor-1.0</feature> <feature>jsp-2.2</feature> <feature>servlet-3.0</feature> <feature>ssl-1.0</feature> <feature>appSecurity-2.0</feature> <feature>adminCenter-1.0</feature> </featureManager> <!-- Add one stanza like this for each CLM context area --> <cors domain="/rm" allowedOrigins="https://clm.acme.com" allowedMethods="OPTIONS, GET, DELETE, POST, PUT, PATCH" allowedHeaders="Origin, Authorization, DoorsRP-Request-Type" exposeHeaders="WWW-Authenticate, X-jazz-web-oauth-url" allowCredentials="true" maxAge="3600" /> <!-- repeat the above for at least RM, CCM, and GC -->