We have a serlvet which serves json to the front end which uses a fixed path, eg. /bin/myapi/somecall.
This works if you are calling it from the same host and port, but fails from anything else. E.g. devs hitting a local author from react from 3000 instead of 4502
The "understanding cors" page hints that you can configure this with XML which starts with <jcr:root xmlns:sling=...
The question is, where in our source code should these XML files live, and what should they be called?
There is a section in the http://localhost:4502/system/console/configMgr for "com.adobe.granite.cors.impl.CORSPolicyImpl.d5e5ad16-601e-4215-8bad-15f4980b7722" but this is not editable for some devs (i.e. save doesn't save).
Can Cors be configured with json osgi configs? If so, how does one know what number to put on the end for new ones? Is there an example of this anywhere?
Solved! Go to Solution.
Views
Replies
Total Likes
Hi @TB3dock!
The required CORS configurations should be done as OSGI configurations on the "Adobe Granite Cross Origin Resource Sharing Policy" as pointed out in the documentation that you already mentioned. OSGI configurations are a common pattern in the AEM tech stack and you will find some additional explanations in some of your older threads on OSGI config topics. You should place an according OSGI config file (either XML or JSON format) in your code base, specifically into the ui.config module (if your project follows the AEM Maven archetype structure).
Please also refer to the following tutorial covering exactly your use case (as far as I understand your query):
Regarding your specific questions:
Hope that helps!
Hi @TB3dock
Here the exmaples are provided with XML. But if you want to use in AEM as Cloud, you can use the same as JSON and it can be stored under the osgi config folder where you kept all other OSGi configurations.
You need to add the your localhost:3000 to your allowedorigin property and it will allow you to make calls.
Thanks
Views
Replies
Total Likes
Hi @TB3dock
You can use something like below. Wherever we see some random number that is considered as a factory config.
com.adobe.granite.cors.impl.CORSPolicyImpl~yourproject.cfg.json
and the content can be:
{
"supportscredentials":true,
"exposedheaders":[
""
],
"supportedmethods":[
"GET",
"HEAD",
"POST"
],
"alloworigin":[
""
],
"maxage:Integer":1800,
"alloworiginregexp":[
"http://localhost:.*"
],
"allowedpaths":[
".*"
],
"supportedheaders":[
"Origin",
"Accept",
"X-Requested-With",
"Content-Type",
"Access-Control-Request-Method",
"Access-Control-Request-Headers",
"authorization"
]
}
Views
Replies
Total Likes
@TB3dock ,
Just to confirm if you are really getting CORS error or Authentication error, since localhost:4502 is generally considered as author instance which requires authentication, so if you want to call any servlet which requires authentication then you need to set authorization header while calling the servlet/API.
Other then this question, resource type based servlets are more preferable than path based ones because of security, dispatcher allow config, etc
Hi @TB3dock!
The required CORS configurations should be done as OSGI configurations on the "Adobe Granite Cross Origin Resource Sharing Policy" as pointed out in the documentation that you already mentioned. OSGI configurations are a common pattern in the AEM tech stack and you will find some additional explanations in some of your older threads on OSGI config topics. You should place an according OSGI config file (either XML or JSON format) in your code base, specifically into the ui.config module (if your project follows the AEM Maven archetype structure).
Please also refer to the following tutorial covering exactly your use case (as far as I understand your query):
Regarding your specific questions:
Hope that helps!
Thanks for the reply. I tried creating the following file: /myapp-web.ui.config/src/main/content/jcr_root/apps/eyas-web/osgiconfig/config.author.dev/com.adobe.granite.cors.impl.CORSPolicyImpl-myapp.cfg.json with the following content:
{
"alloworigin":["*"],
"alloworiginregexp":[],
"allowedpaths":[".*"],
"exposedheaders":[""],
"maxage":1800,
"supportedheaders":["*"],
"supportedmethods":["GET","POST"],
"supportedcredentials":"true"
}
When I build with the usual mvn clean install -PautoInstallSinglePackage, this config seems to be ignored: when I look in http://localhost:4502/system/console/configMgr its not there.
Any ideas? Are we sure it should be a minus sign between the PID and my app name?
I tried with a . instead of -, and I also tried putting the file in the global /config. Neither helped unfortunately.
Views
Replies
Total Likes
Views
Likes
Replies