Adobe Experience Manager Sites & More

Amit_Zulphe · 9/27/23

In AEM as a cloud service , there are couple of static pages which are consumed by website which does not share the same domain of these pages, By default when we try to load those pages on the website with different domain it gives CORS issue saying No "Access-Control-Allow-Origin" header present on the requested resource.

I referred to the adobe documentation suggested for configuring multiple domains to avoid CORS issue https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/d...

I tried to add below 2 lines as suggested for 2 domains. But even after adding these I am still getting the CORS issue when we try to load those static pages from configured domains.

-----------------------------------------------------------------------------------------------------------------------------------

SetEnvIfExpr "env('CORSProcessing') == 'true' && req_novary('Origin') =~ m#(https://my.\domain1.\com$)#" CORSTrusted=true

SetEnvIfExpr "env('CORSProcessing') == 'true' && req_novary('Origin') =~ m#(https://mydomain2.\com$)#" CORSTrusted=true

-------------------------------------------------------------------------------------------------------------------------------------

Do I need to do any additional configuration to make it work? Any suggestion which logs should I check to debug the issue?

Shashi_Mulugu · 9/27/23

@Amit_Zulphe you did almost right, just make sure two things, when you said you have two domains, do you have two different vhosts or one? Check which vhost file is getting executed and add in it. Also flush dispatcher cache once and then hit the direct dispatcher domain and you can check the headers in your browser network tab..

Amit_Zulphe · 9/28/23

Hi Sashi,

Thanks for the response. We have a single vhost. I have added the code inside the mod_headers.c section in that vhost file. I will check regrading flushing the dispatcher cache and see if it works.

aanchal-sikka · 9/27/23

hello @Amit_Zulphe

We would need an OSGi config and dispatcher config updates.

Allowing CORS request headers (dispatcher )
Adobe Granite Cross Origin Resource Sharing Policy (OSGi)

Please refer to following documentation for set up:

https://experienceleague.adobe.com/docs/experience-manager-learn/foundation/security/understand-cros...

Aanchal Sikka

Amit_Zulphe · 9/28/23

Hi Aanchal,

Thanks for the response. I had refereed to the same link which you shared. It is clearly mentioned there that if you are planning to enable CORS on publish the do it in dispatcher vhost file as AEM publish does not use OSGI configuration.

kautuk_sahni · 9/28/23

@Amit_Zulphe Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.

Adobe Experience Manager Sites & More

Configuring Access Control Allow Origin for Multi domain on AEM CaaS

Kautuk Sahni

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe