Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Enabling CORS not working in AEM Cloud
I have enabled CORS for a specific domain and supportsCredentials as true.Below screenshot from AEM dev instance config
I have also added CORS headers in dispatcher - clientheaders.any file
However, request to AEM server still throws CORS error and there are no response headers
Chrome Dev Tools gives this error:
Access to fetch at 'https://author-p24737-e166384.adobeaemcloud.com/content/dam/nike.initiateUpload.json' from origin 'https://401518-contentsymphonydev-shelly.adobeio-static.net' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
So I explicitly added headers in supportedheaders as below:
Still getting the same issue.
Firefox preflight information below:
Sling Referrer Filter Config:
Now the CORS issue is resolved but it gives 403 Forbidden (other then GET calls). I read few articles and it mentioned to remove POST method from Sling Referrer Filter , I removed it but no difference
Another post mentions to remove POST from CSRF filter config. I don't think it's optimal to remove these methods from these configs. Please suggest a solution and why the access-control-allowed-methods header is not able to take care of this
@Jorg_Hoh @kautuk_sahni Can you please tag Jorg_Hoh for me as I couldn't find him? Please also route it/ get it some attention from relevant folks in Adobe.
