Content Application Developer Manual / Version 2101
Table Of ContentsAccess-Control-Allow-Origin
This solution is built into the CoreMedia Blueprint workspace, so you may use it out of the box. The idea
is to customize the same origin policy by setting the Access-Control-Allow-Origin HTTP header
accordingly.
The allowed origins can be configured via the properties cae.cors.allowed-origins-for-url-pattern[*].
cae.cors.allowed-origins-for-url-pattern[{path\:.*}]= \
http://my.site.domain1,https://my.site.domain2
To fine-tune the configuration for Cross-Origin Resource Sharing (CORS), use the provided
cae.cors configuration properties. See
CaeHandlerServicesConfiguration#caeCorsConfigurations(CaeCorsConfigurationProperties,ObjectProvider),
CaeCorsConfigurationProperties and
Section 4.1.4, “CORS Properties” in Deployment Manual.
