Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.

Configuring Access Control Allow Origin for Multi domain on AEM CaaS

Avatar

Level 2

In AEM as a cloud service , there are couple of static pages which are consumed by website which does not share the same domain of these pages, By default when we try to load those pages on the website with different domain it gives CORS issue saying No "Access-Control-Allow-Origin" header present on the requested resource. 

 

I referred to the adobe documentation suggested for configuring multiple domains to avoid CORS issue https://experienceleague.adobe.com/docs/experience-manager-learn/getting-started-with-aem-headless/d...

 

I tried to add below 2 lines as suggested for 2 domains. But even after adding these I am still getting the CORS issue when we try to load those static pages from configured domains. 

-----------------------------------------------------------------------------------------------------------------------------------

SetEnvIfExpr "env('CORSProcessing') == 'true' && req_novary('Origin') =~ m#(https://my.\domain1.\com$)#" CORSTrusted=true

SetEnvIfExpr "env('CORSProcessing') == 'true' && req_novary('Origin') =~ m#(https://mydomain2.\com$)#" CORSTrusted=true

-------------------------------------------------------------------------------------------------------------------------------------

 

Do I need to do any additional configuration to make it work? Any suggestion which logs should I check to debug the issue?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

5 Replies

Avatar

Community Advisor

@Amit_Zulphe you did almost right, just make sure two things, when you said you have two domains, do you have two different vhosts or one? Check which vhost file is getting executed and add in it. Also flush dispatcher cache once and then hit the direct dispatcher domain and you can check the headers in your browser network tab.. 

Avatar

Level 2

Hi Sashi, 

 

Thanks for the response. We have a single vhost. I have added the code inside the mod_headers.c section in that vhost file. I will check regrading flushing the dispatcher cache and see if it works. 

Avatar

Community Advisor

hello @Amit_Zulphe 

 

We would need an OSGi config and dispatcher config updates.

  • Allowing CORS request headers (dispatcher )
  • Adobe Granite Cross Origin Resource Sharing Policy (OSGi)

 

Please refer to following documentation for set up:

https://experienceleague.adobe.com/docs/experience-manager-learn/foundation/security/understand-cros...


Aanchal Sikka

Avatar

Level 2

Hi Aanchal, 

 

Thanks for the response. I had refereed to the same link which you shared. It is clearly mentioned there that if you are planning to enable CORS on publish the do it in dispatcher vhost file as AEM publish does not use OSGI configuration.

Avatar

Administrator

@Amit_Zulphe Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.



Kautuk Sahni