Content Application Developer Manual / Version 2010
Table Of ContentsAccess-Control-Allow-Origin
This solution is built into the CoreMedia Blueprint workspace, so you may use it out of the box. The idea
is to customize the same origin policy by setting the Access-Control-Allow-Origin HTTP header
accordingly.
The allowed origins can be configured via the property cae.preview.crossdomain-whitelist.
cae.preview.crossdomain-whitelist=http://my.site.domain1,http://my.site.domain2
If you do not want to override but to append allowed origins or to fine-tune the configuration for Cross-Origin Resource Sharing (CORS)
you can customize the bean caeCorsConfiguration.
The bean is of type org.springframework.web.cors.CorsConfiguration and it is defined in the
module cae-handlerservices.
<customize:append id="customCaeCorsConfiguration" bean="caeCorsConfiguration" property="allowedOrigins" custom-value="customOrigins"/>
In the bean, you can also configure the parameter allowedMethods, allowedHeaders
and allowedCredentials.