Hi @sane,
You can control the CORS header Access-Control-Allow-Origin for DAM JSON responses using the AEM Dispatcher or CDN layer. AEM itself does not set CORS for assets, so you need to configure it at the web tier.
How to restrict JSON under /content/dam/application/ to a specific domain:
Dispatcher (Apache)
Add a rewrite rule inside your vhost or rewrite rules:
    <IfModule mod_headers.c>
        <LocationMatch "^/content/dam/application/.*\.json$">
            Header unset Access-Control-Allow-Origin
            Header set Access-Control-Allow-Origin "https://www.mydomain.com"
        </LocationMatch>
    </IfModule>
This will override the default * and only allow your domain.
OR
AEM as a Cloud Service
If you're on AEMaaCS, you must configure CORS through the Dispatcher clientheaders.any + CDN layer, not directly in AEM.
Add a rule inside dispatcher/src/conf.d/cors/*.conf (or create a custom one):
    <LocationMatch "^/content/dam/application/.*\.json$">
        Header unset Access-Control-Allow-Origin
        Header set Access-Control-Allow-Origin "https://www.mydomain.com"
    </LocationMatch>
Then make sure the domain is declared in CORS Allowed Origins in Cloud Manager → Environments → Edit → CORS configuration.
Important Notes
- AEM does not allow you to configure CORS per path inside OSGi configurations.
- Path-based CORS control must be done in the web tier (Dispatcher / CDN).
- Use LocationMatch so only JSON files under that DAM path get the domain restriction.
Santosh Sai
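
Added example, not part of the original answer and not Adobe's code: a check that captured responses for JSON under /content/dam/application/ carry only the restricted origin, reusing the LocationMatch pattern and the domain from the answer. The host, asset names and sample responses are constructed for illustration, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Same pattern and origin as the LocationMatch rule in the answer above.
RESTRICTED_PATH = re.compile(r"^/content/dam/application/.*\.json$")
EXPECTED_ORIGIN = "https://www.mydomain.com"
ACAO = "Access-Control-Allow-Origin"


def check_cors(url, headers):
    """Findings for one response; headers is a list of (name, value) pairs."""
    path = urlsplit(url).path  # the rule matches the URL path, not the query string
    if not RESTRICTED_PATH.match(path):
        return []  # outside the scope of the rule
    # Header names are case-insensitive, and a header can be sent twice.
    values = [v.strip() for k, v in headers if k.lower() == ACAO.lower()]
    findings = []
    if not values:
        findings.append("header missing: rule not applied to this response")
    if len(values) > 1:
        findings.append("header sent more than once")
    for value in values:
        if value == "*":
            findings.append("wildcard origin still served")
        elif value != EXPECTED_ORIGIN:
            findings.append("unexpected origin: " + value)
    return findings


def audit(responses):
    """Map each failing URL to its list of findings."""
    report = {url: check_cors(url, headers) for url, headers in responses}
    return {url: found for url, found in report.items() if found}


# Constructed sample responses (hypothetical host and asset names).
BASE = "https://publish.example.test"
SAMPLE = [
    (BASE + "/content/dam/application/config.json", [(ACAO, EXPECTED_ORIGIN)]),
    (BASE + "/content/dam/application/i18n/en.json?v=3",
     [("access-control-allow-origin", "*")]),
    (BASE + "/content/dam/application/menu.json",
     [(ACAO, "*"), (ACAO, EXPECTED_ORIGIN)]),
    (BASE + "/content/dam/other/data.json", [(ACAO, "*")]),
]

if __name__ == "__main__":
    for url, found in audit(SAMPLE).items():
        print(url, found)
```

Feed it responses collected both directly from the Dispatcher and through the CDN, since a cached copy can still carry the old header after the rule is deployed.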

