SOLVED

Restrict JSON file in dam path Access-Control-Allow-Origin to www.mydomain.com instead of complete *

Hi All,

I want to restrict the JSON coming from /content/dam/application/ to the www.mydomain.com domain instead of a wildcard.

I want to restrict Access-Control-Allow-Origin for the JSON file in the DAM path to www.mydomain.com instead of the complete *.

Could you please help here?

1 Accepted Solution

Correct answer by
Employee

Hello @sane 

For AEMaaCS, this can be done at the CDN level using the CDN configuration pipeline and a response transformation rule that overrides Access-Control-Allow-Origin for the specific DAM path.

Example CDN config: set Access-Control-Allow-Origin: https://www.mydomain.com for JSON assets under /content/dam/application/ on stage/prod.

kind: "CDN"
version: "1"
metadata:
  envTypes: ["stage", "prod"]
data:
  responseTransformations:
    rules:
      - name: dam-json-cors
        when:
          allOf:
            # Limit to DAM JSON under /content/dam/application/
            - reqProperty: path
              matches: "^/content/dam/application/.*\\.json$"
        actions:
          - type: set
            respHeader: Access-Control-Allow-Origin
            value: "https://www.mydomain.com"


Place this cdn.yaml under your repository’s config/ folder and deploy via a Config Pipeline.
The set action on respHeader overrides the existing * value coming from the DAM/Blob stack.

Reference:

https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/con...

2 Replies

Community Advisor

Hi @sane,

You can control the CORS header Access-Control-Allow-Origin for DAM JSON responses using the AEM Dispatcher or CDN layer. AEM itself does not set CORS for assets, so you need to configure it at the web tier.

How to restrict JSON under /content/dam/application/ to a specific domain:

Dispatcher (Apache)

Add a rewrite rule inside your vhost or rewrite rules:

<IfModule mod_headers.c>
    <LocationMatch "^/content/dam/application/.*\.json$">
        Header unset Access-Control-Allow-Origin
        Header set Access-Control-Allow-Origin "https://www.mydomain.com"
    </LocationMatch>
</IfModule>

This will override the default * and only allow your domain.

OR

AEM as a Cloud Service

If you're on AEMaaCS, you must configure CORS through the Dispatcher clientheaders.any + CDN layer, not directly in AEM.

Add a rule inside dispatcher/src/conf.d/cors/*.conf (or create a custom one):

<LocationMatch "^/content/dam/application/.*\.json$">
    Header unset Access-Control-Allow-Origin
    Header set Access-Control-Allow-Origin "https://www.mydomain.com"
</LocationMatch>

Then make sure the domain is declared in CORS Allowed Origins in Cloud Manager → Environments → Edit → CORS configuration.

Important Notes

  • AEM does not allow you to configure CORS per path inside OSGi configurations.

  • Path-based CORS control must be done in the web tier (Dispatcher / CDN).

  • Use LocationMatch so only JSON files under that DAM path get the domain restriction.


Santosh Sai
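
A post-deploy check for either configuration in the answers above, as an added example that is not part of the original posts or of Adobe's tooling: it confirms the response carries exactly one Access-Control-Allow-Origin header and that its value is the intended origin rather than `*`. The function name `check_acao`, the sample headers (constructed) and the asset name `data.json` are assumptions.

```shell
#!/bin/sh
# check_acao EXPECTED_ORIGIN   (raw response headers on stdin, e.g. from curl -sI)
# Exit codes: 0 ok, 1 header missing, 2 header sent more than once,
#             3 value differs from EXPECTED_ORIGIN (this includes "*").
check_acao() {
    expected=$1
    count=0
    value=
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                      # tolerate CRLF line endings
        lower=$(printf '%s' "$line" | tr 'A-Z' 'a-z')
        case $lower in
            http/*)                             # new status line (redirect hop):
                count=0; value= ;;              # judge only the final response
            access-control-allow-origin:*)      # header names are case-insensitive
                count=$((count + 1))
                value=$(printf '%s' "${line#*:}" |
                        sed 's/^[[:space:]]*//; s/[[:space:]]*$//') ;;
        esac
    done
    if [ "$count" -eq 0 ]; then
        echo "FAIL: no Access-Control-Allow-Origin header"; return 1
    elif [ "$count" -gt 1 ]; then
        echo "FAIL: header sent $count times; browsers reject that"; return 2
    elif [ "$value" != "$expected" ]; then
        echo "FAIL: got '$value', want '$expected'"; return 3
    fi
    echo "OK: Access-Control-Allow-Origin is $expected"
}

# Constructed sample responses (not captured from a real environment).
GOOD='HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nAccess-Control-Allow-Origin: https://www.mydomain.com\r\n\r\n'
WILD='HTTP/1.1 200 OK\r\naccess-control-allow-origin: *\r\n\r\n'
BOTH='HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Origin: https://www.mydomain.com\r\n\r\n'

printf '%b' "$GOOD" | check_acao "https://www.mydomain.com"
printf '%b' "$WILD" | check_acao "https://www.mydomain.com" || echo "exit code $?"
printf '%b' "$BOTH" | check_acao "https://www.mydomain.com" || echo "exit code $?"

# Against a deployed environment (hypothetical asset name):
#   curl -sI -H "Origin: https://www.mydomain.com" \
#     "https://www.mydomain.com/content/dam/application/data.json" |
#     check_acao "https://www.mydomain.com"
```

Exit code 2 is the case to watch for when a web-tier rule adds the header without replacing the upstream `*`.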
