Setup Guide for CORS (Cross-Origin Resource Sharing)
Alfresco 6.2+, 7.0+
Edit /opt/alfresco/content-services/tomcat/shared/classes/alfresco-global.properties
cors.enabled=true cors.allowSubdomains=true cors.allowed.origins=https://alfresco.sample.net,https://jira.sample.net cors.allowed.methods=GET,HEAD,POST,PUT,DELETE,OPTIONS cors.allowed.headers=Accept,Access-Control-Request-Headers,Access-Control-Request-Method,Authorization,Content-Type,Cache-Control,X-Requested-With,X-CSRF-Token cors.exposed.headers=Access-Control-Allow-Origin,Access-Control-Allow-Credentials cors.support.credentials=true cors.preflight.maxage=10 cors.allowGenericHttpRequests=true
- Specify The URL to allow on the cross-domain to cors.allowed.origins value.
(Asterisk can NOT be used here, but Please specify the appropriate both Jira and Alfresco domain.) Edit /opt/alfresco/content-services/tomcat/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"/>
Add relaxedPathChars and relaxedQueryChars if they are not.
- Restart Alfresco
Alfresco 5.2 - 6.1
Make sure /opt/alfresco-content-services/tomcat/webapps/alfresco/WEB-INF/lib and cors-filter-2.5.jar, java-property-utils-1.9.1.jar is located.
- Edit /opt/alfresco-content-services/tomcat/webapps/alfresco/WEB-INF/web.xml
Uncomment <filter> between <!-- CORS Filter Begin --> and <!-- CORS Filter End -->
<!-- CORS Filter Begin --> <filter> <filter-name>CORS</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> <init-param> <param-name>cors.allowGenericHttpRequests</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.allowOrigin</param-name> <param-value>http://localhost:8081</param-value> </init-param> <init-param> <param-name>cors.allowSubdomains</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.supportedMethods</param-name> <param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value> </init-param> <init-param> <param-name>cors.supportedHeaders</param-name> <param-value>origin, authorization, x-file-size, x-file-name, content-type, accept, x-file-type</param-value> </init-param> <init-param> <param-name>cors.supportsCredentials</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.maxAge</param-name> <param-value>3600</param-value> </init-param> </filter> <!-- CORS Filter End -->
Specify The URL to allow on the cross-domain to cors.allowOrigin param-value of the init-param element.
(Asterisk is specified here, but Please specify the appropriate URL.)<init-param> <param-name>cors.allowOrigin</param-name> <!--param-value>http://localhost:8081</param-value--> <param-value>*</param-value> </init-param>
Uncomment <filter-mapping> between <!-- CORS Filter Mappings Begin --> and <!-- CORS Filter Mappings End -->.
<!-- CORS Filter Mappings Begin --> <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/api/*</url-pattern> <url-pattern>/service/*</url-pattern> <url-pattern>/s/*</url-pattern> <url-pattern>/cmisbrowser/*</url-pattern> </filter-mapping> <!-- CORS Filter Mappings End -->
Restart Alfresco
Alfresco 5.0.2 - 5.1
Make sure /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/lib and cors-filter-1.9.3.jar,java-property-utils-1.9.1.jar is located.
- Edit /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/web.xml
Uncomment <filter> between <!-- CORS Filter Begin --> and <!-- CORS Filter End -->
<!-- CORS Filter Begin --> <filter> <filter-name>CORS</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> <init-param> <param-name>cors.allowGenericHttpRequests</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.allowOrigin</param-name> <param-value>http://localhost:8081</param-value> </init-param> <init-param> <param-name>cors.allowSubdomains</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.supportedMethods</param-name> <param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value> </init-param> <init-param> <param-name>cors.supportedHeaders</param-name> </init-param> <init-param> <param-name>cors.supportsCredentials</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.maxAge</param-name> <param-value>3600</param-value> </init-param> </filter> <!-- CORS Filter End -->
Specify The URL to allow on the cross-domain to cors.allowOrigin param-value of the init-param element.
(Asterisk is specified here, but Please specify the appropriate URL.)<init-param> <param-name>cors.allowOrigin</param-name> <!--param-value>http://localhost:8081</param-value--> <param-value>*</param-value> </init-param>
Uncomment <filter-mapping> between <!-- CORS Filter Mappings Begin --> and <!-- CORS Filter Mappings End -->.
<!-- CORS Filter Mappings Begin --> <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/api/*</url-pattern> <url-pattern>/service/*</url-pattern> <url-pattern>/s/*</url-pattern> <url-pattern>/cmisbrowser/*</url-pattern> </filter-mapping> <!-- CORS Filter Mappings End -->
Restart Alfresco
Alfresco 5.0.1
Put cors-filter-2.4.jar and java-property-utils-1.9.1.jar in /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/lib directory.
Edit /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/web.xml as below.
<filter> can be put anyware on web.xml
But, <filter-mapping> must be put after "Global Localization Filter" and before "CMIS security context cleaning filter"
<filter> <filter-name>JSF Session Synchronized Filter</filter-name> <filter-class>org.alfresco.repo.web.filter.beans.SessionSynchronizedFilter</filter-class> </filter> <!-- Add from here --> <filter> <filter-name>CORS</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> <init-param> <param-name>cors.allowOrigin</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.allowSubdomains</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.supportedMethods</param-name> <param-value>GET, POST, HEAD, PUT, DELETE, OPTIONS</param-value> </init-param> <init-param> <param-name>cors.supportedHeaders</param-name> <param-value>Content-Type, Accept, Authorization</param-value> </init-param> </filter> <!-- Add up to here --> <filter-mapping> <filter-name>Global Localization Filter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping> <!-- Add from here --> <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/api/*</url-pattern> <url-pattern>/service/*</url-pattern> <url-pattern>/s/*</url-pattern> <url-pattern>/cmisbrowser/*</url-pattern> </filter-mapping> <!-- Add up to here --> <filter-mapping> <filter-name>CMIS security context cleaning filter</filter-name> <url-pattern>/cmisws/*</url-pattern> </filter-mapping>
Restart Alfresco.
Reference.
About CORS.
Cross-origin resource sharing
W3C Cross-Origin Resource Sharing
Using CORS
About Alfresco's CORS module.
http://www.slideshare.net/jottley/cors-enable-alfresco-for-cors
http://software.dzhuvinov.com/cors-filter-installation.html
http://software.dzhuvinov.com/cors-filter-configuration.html