Enabling CORS not working in AEM Cloud | Community
Skip to main content
shelly-goel
Adobe Employee
shelly-goelAdobe Employee
Adobe Employee
July 7, 2021

Enabling CORS not working in AEM Cloud

  • July 7, 2021
  • 5 replies
  • 5158 views

I have enabled CORS for a specific domain and supportsCredentials as true.Below screenshot from AEM dev instance config

 

I have also added CORS headers in dispatcher - clientheaders.any file

 

However, request to AEM server still throws CORS error and there are no response headers

Chrome Dev Tools gives this error:

Access to fetch at 'https://author-p24737-e166384.adobeaemcloud.com/content/dam/nike.initiateUpload.json' from origin 'https://401518-contentsymphonydev-shelly.adobeio-static.net' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.

 

So I explicitly added headers in supportedheaders as below:

Still getting the same issue.

Firefox preflight information below:

 

Sling Referrer Filter Config:


 

Now the CORS issue is resolved but it gives 403 Forbidden (other then GET calls). I read few articles and it mentioned to remove POST method from Sling Referrer Filter , I removed it but no difference
 

Another post mentions to remove POST from CSRF filter config. I don't think it's optimal to remove these methods from these configs. Please suggest a solution and why the access-control-allowed-methods header is not able to take care of this

https://stackoverflow.com/questions/22799024/cq5-403-forbidden-occurs-when-call-a-post-servlet?answertab=votes#tab-top

 

 

@3523747_Hoh @kautuk_sahni  Can you please tag Jorg_Hoh for me as I couldn't find him? Please also route it/ get it some attention from relevant folks in Adobe.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

5 replies

Kiran_Vedantam
Community Advisor
Kiran_VedantamCommunity Advisor
Community Advisor
July 7, 2021

Hi @shelly-goel 

 

Can you please try whitelisting this AEM server in the receiving server to resolve this issue?

 

Thanks,

Kiran Vedantam.

 

    Vijayalakshmi_S
    Vijayalakshmi_S
    Level 10
    July 7, 2021

    Hi @shelly-goel,

    Could you please confirm if you have allowed the origin(via Allow hosts or Allow Regexp Host) in Apache Sling Referrer Filter too ?

      shelly-goel
      Adobe Employee
      shelly-goelAdobe EmployeeAuthor
      Adobe Employee
      July 8, 2021
      Added Sling Referrer Filter config as well but not of much help
        Prince_Shivhare
        Community Advisor
        Prince_ShivhareCommunity Advisor
        Community Advisor
        July 7, 2021

        If you are trying to access the other endpoints from AEM, then it would requie to whitelisting of AEM cloud url from other endpoint side.

          shelly-goel
          Adobe Employee
          shelly-goelAdobe EmployeeAuthor
          Adobe Employee
          July 7, 2021
          It's not a whitelist issue, other AEM calls works fine.
            kautuk_sahni
            Community Manager
            kautuk_sahniCommunity Manager
            Community Manager
            July 12, 2021

            Jörg_Hoh, please assist here.

            Kautuk Sahni
            V
            venky1311
            November 30, 2021

            any solution for this issue, tried all the way but not able to resolve this issue.

              V
              venky1311
              December 21, 2022

              As a alternative, explicitly added allow rule in the location match which resolved the CORS issue.

              Header set Access-Control-Allow-Origin "*"
                Terms & ConditionsAccessibility statement

                Loading footer...