Configuring Access Control Allow Origin for Multi domain on AEM CaaS | Community
Skip to main content
A
Amit_Zulphe
Level 2
September 28, 2023

Configuring Access Control Allow Origin for Multi domain on AEM CaaS

  • September 28, 2023
  • 3 replies
  • 2466 views

In AEM as a cloud service , there are couple of static pages which are consumed by website which does not share the same domain of these pages, By default when we try to load those pages on the website with different domain it gives CORS issue saying No "Access-Control-Allow-Origin" header present on the requested resource. 

 

I referred to the adobe documentation suggested for configuring multiple domains to avoid CORS issue https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/deployments/configurations/cors.html?lang=en#dispatcher-configuration

 

I tried to add below 2 lines as suggested for 2 domains. But even after adding these I am still getting the CORS issue when we try to load those static pages from configured domains. 

-----------------------------------------------------------------------------------------------------------------------------------

SetEnvIfExpr "env('CORSProcessing') == 'true' && req_novary('Origin') =~ m#(https://my.\domain1.\com$)#" CORSTrusted=true

SetEnvIfExpr "env('CORSProcessing') == 'true' && req_novary('Origin') =~ m#(https://mydomain2.\com$)#" CORSTrusted=true

-------------------------------------------------------------------------------------------------------------------------------------

 

Do I need to do any additional configuration to make it work? Any suggestion which logs should I check to debug the issue?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

3 replies

Shashi_Mulugu
Community Advisor
Shashi_MuluguCommunity Advisor
Community Advisor
September 28, 2023

@amit_zulphe you did almost right, just make sure two things, when you said you have two domains, do you have two different vhosts or one? Check which vhost file is getting executed and add in it. Also flush dispatcher cache once and then hit the direct dispatcher domain and you can check the headers in your browser network tab.. 

    A
    Amit_ZulpheAuthor
    Level 2
    September 28, 2023

    Hi Sashi, 

     

    Thanks for the response. We have a single vhost. I have added the code inside the mod_headers.c section in that vhost file. I will check regrading flushing the dispatcher cache and see if it works. 

      aanchal-sikka
      Community Advisor
      aanchal-sikkaCommunity Advisor
      Community Advisor
      September 28, 2023

      hello @amit_zulphe 

       

      We would need an OSGi config and dispatcher config updates.

      • Allowing CORS request headers (dispatcher )
      • Adobe Granite Cross Origin Resource Sharing Policy (OSGi)

       

      Please refer to following documentation for set up:

      https://experienceleague.adobe.com/docs/experience-manager-learn/foundation/security/understand-cross-origin-resource-sharing.html?lang=en

      Aanchal Sikka
        A
        Amit_ZulpheAuthor
        Level 2
        September 28, 2023

        Hi Aanchal, 

         

        Thanks for the response. I had refereed to the same link which you shared. It is clearly mentioned there that if you are planning to enable CORS on publish the do it in dispatcher vhost file as AEM publish does not use OSGI configuration.

          kautuk_sahni
          Community Manager
          kautuk_sahniCommunity Manager
          Community Manager
          September 28, 2023

          @amit_zulphe Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.

          Kautuk Sahni
          Terms & ConditionsAccessibility statement

          Loading footer...