Setup Guide for CORS (Cross-Origin Resource Sharing)

Alfresco 6.2+, 7.0+

  1. Edit /opt/alfresco/content-services/tomcat/shared/classes/alfresco-global.properties

    cors.enabled=true
    cors.allowSubdomains=true
    cors.allowed.origins=https://alfresco.sample.net,https://jira.sample.net
    cors.allowed.methods=GET,HEAD,POST,PUT,DELETE,OPTIONS
    cors.allowed.headers=Accept,Access-Control-Request-Headers,Access-Control-Request-Method,Authorization,Content-Type,Cache-Control,X-Requested-With,X-CSRF-Token
    cors.exposed.headers=Access-Control-Allow-Origin,Access-Control-Allow-Credentials
    cors.support.credentials=true
    cors.preflight.maxage=10
    cors.allowGenericHttpRequests=true
  2. Specify The URL to allow on the cross-domain to cors.allowed.origins value.
    (
    Asterisk can NOT be used here, but Please specify the appropriate both Jira and Alfresco domain.)
  3. Edit /opt/alfresco/content-services/tomcat/conf/server.xml

     <Connector port="8080" protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   URIEncoding="UTF-8"
                   redirectPort="8443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"/>
  4. Add relaxedPathChars and relaxedQueryChars if they are not.
  5. Restart Alfresco

Alfresco 5.2 - 6.1

  1. Make sure /opt/alfresco-content-services/tomcat/webapps/alfresco/WEB-INF/lib and cors-filter-2.5.jar, java-property-utils-1.9.1.jar is located.

  2. Edit /opt/alfresco-content-services/tomcat/webapps/alfresco/WEB-INF/web.xml
  3. Uncomment <filter> between <!-- CORS Filter Begin --> and <!-- CORS Filter End -->

       <!-- CORS Filter Begin -->
       <filter>
          <filter-name>CORS</filter-name>
          <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
          <init-param>
             <param-name>cors.allowGenericHttpRequests</param-name>
             <param-value>true</param-value>
          </init-param>
          <init-param>
             <param-name>cors.allowOrigin</param-name>
             <param-value>http://localhost:8081</param-value>
          </init-param>
          <init-param>
             <param-name>cors.allowSubdomains</param-name>
             <param-value>true</param-value>
          </init-param>
          <init-param>
             <param-name>cors.supportedMethods</param-name>
             <param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value>
          </init-param>
          <init-param>
             <param-name>cors.supportedHeaders</param-name>
             <param-value>origin, authorization, x-file-size, x-file-name, content-type, accept, x-file-type</param-value>
          </init-param>
          <init-param>
             <param-name>cors.supportsCredentials</param-name>
             <param-value>true</param-value>
          </init-param>
          <init-param>
             <param-name>cors.maxAge</param-name>
             <param-value>3600</param-value>
          </init-param>
       </filter>
       <!-- CORS Filter End -->
  4. Specify The URL to allow on the cross-domain to cors.allowOrigin param-value of the init-param element.
    (
    Asterisk is specified here, but Please specify the appropriate URL.)

          <init-param>
             <param-name>cors.allowOrigin</param-name>
             <!--param-value>http://localhost:8081</param-value-->
             <param-value>*</param-value>
          </init-param>
  5. Uncomment <filter-mapping> between <!-- CORS Filter Mappings Begin --> and <!-- CORS Filter Mappings End -->.
       <!-- CORS Filter Mappings Begin -->
       <filter-mapping>
          <filter-name>CORS</filter-name>
          <url-pattern>/api/*</url-pattern>
          <url-pattern>/service/*</url-pattern>
          <url-pattern>/s/*</url-pattern>
          <url-pattern>/cmisbrowser/*</url-pattern>
       </filter-mapping>
       <!-- CORS Filter Mappings End -->
  6. Restart Alfresco

Alfresco 5.0.2 - 5.1

  1. Make sure /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/lib and cors-filter-1.9.3.jar,java-property-utils-1.9.1.jar is located.

  2. Edit /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/web.xml
  3. Uncomment <filter> between <!-- CORS Filter Begin --> and <!-- CORS Filter End -->

       <!-- CORS Filter Begin -->
       <filter>
          <filter-name>CORS</filter-name>
          <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
          <init-param>
             <param-name>cors.allowGenericHttpRequests</param-name>
             <param-value>true</param-value>
          </init-param>
          <init-param>
             <param-name>cors.allowOrigin</param-name>
             <param-value>http://localhost:8081</param-value>
          </init-param>
          <init-param>
             <param-name>cors.allowSubdomains</param-name>
             <param-value>true</param-value>
          </init-param>
          <init-param>
             <param-name>cors.supportedMethods</param-name>
             <param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value>
          </init-param>
          <init-param>
             <param-name>cors.supportedHeaders</param-name>
          </init-param>
          <init-param>
             <param-name>cors.supportsCredentials</param-name>
             <param-value>true</param-value>
          </init-param>
          <init-param>
             <param-name>cors.maxAge</param-name>
             <param-value>3600</param-value>
          </init-param>
       </filter>
       <!-- CORS Filter End -->
  4. Specify The URL to allow on the cross-domain to cors.allowOrigin param-value of the init-param element.
    (
    Asterisk is specified here, but Please specify the appropriate URL.)

          <init-param>
             <param-name>cors.allowOrigin</param-name>
             <!--param-value>http://localhost:8081</param-value-->
             <param-value>*</param-value>
          </init-param>
  5. Uncomment <filter-mapping> between <!-- CORS Filter Mappings Begin --> and <!-- CORS Filter Mappings End -->.
       <!-- CORS Filter Mappings Begin -->
       <filter-mapping>
          <filter-name>CORS</filter-name>
          <url-pattern>/api/*</url-pattern>
          <url-pattern>/service/*</url-pattern>
          <url-pattern>/s/*</url-pattern>
          <url-pattern>/cmisbrowser/*</url-pattern>
       </filter-mapping>
       <!-- CORS Filter Mappings End -->
  6. Restart Alfresco

Alfresco 5.0.1

  1. Put cors-filter-2.4.jar and java-property-utils-1.9.1.jar in /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/lib directory.

  2. Edit /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/web.xml as below.

    <filter> can be put anyware on web.xml
    But, <filter-mapping> must be put after "Global Localization Filter" and before "CMIS security context cleaning filter"
       <filter>
          <filter-name>JSF Session Synchronized Filter</filter-name>
          <filter-class>org.alfresco.repo.web.filter.beans.SessionSynchronizedFilter</filter-class>
       </filter>
     
       <!-- Add from here -->
       <filter>
          <filter-name>CORS</filter-name>
          <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
          <init-param>
             <param-name>cors.allowOrigin</param-name>
             <param-value>*</param-value>
          </init-param>
          <init-param>
             <param-name>cors.allowSubdomains</param-name>
             <param-value>true</param-value>
          </init-param>
          <init-param>
             <param-name>cors.supportedMethods</param-name>
             <param-value>GET, POST, HEAD, PUT, DELETE, OPTIONS</param-value>
          </init-param>
          <init-param>
             <param-name>cors.supportedHeaders</param-name>
             <param-value>Content-Type, Accept, Authorization</param-value>
          </init-param>
       </filter>
       <!-- Add up to here -->
       <filter-mapping>
          <filter-name>Global Localization Filter</filter-name>
          <url-pattern>/*</url-pattern>
          <dispatcher>REQUEST</dispatcher>
       </filter-mapping>
     
       <!-- Add from here -->
       <filter-mapping>
          <filter-name>CORS</filter-name>
          <url-pattern>/api/*</url-pattern>
          <url-pattern>/service/*</url-pattern>
          <url-pattern>/s/*</url-pattern>
          <url-pattern>/cmisbrowser/*</url-pattern>
       </filter-mapping>
       <!-- Add up to here -->
     
       <filter-mapping>
          <filter-name>CMIS security context cleaning filter</filter-name>
          <url-pattern>/cmisws/*</url-pattern>
       </filter-mapping>
  3. Restart Alfresco.

Reference.

About CORS.

Cross-origin resource sharing
W3C Cross-Origin Resource Sharing
Using CORS

About Alfresco's CORS module.

http://www.slideshare.net/jottley/cors-enable-alfresco-for-cors

http://software.dzhuvinov.com/cors-filter-installation.html

http://software.dzhuvinov.com/cors-filter-configuration.html