3

I have installed IBM ODM through docker. I need to set up CORS(Cross-Origin Resource Sharing) policy for liberty server. I did CORS set up in server.xml in my local. But I didn't know how to do for docker installation.

I added below lines of code in server.xml located under /opt/ibm/wlp/usr/servers/defaultServer.

But getting error message called Access to XMLHttpRequest at 'http://18.3.4.71.compute.amazonaws.com/DecisionService/rest/v1/deployment/insurance_offer/WADL' from origin 'http://nbo-ui.s3-website-ap-1.amazonaws.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Srilatha Kota
  • 31
  • 2

1 Answers1

2

There are two ways you can enable CORS for a Liberty server:

  1. Use a JAX-RS response filter (if the endpoints are JAX-RS resources)
  2. Use the <cors> configuration element in server.xml

To use the JAX-RS response filter way:

Add this class to your JAX-RS application:

@Provider
public class CORSFilter implements ContainerResponseFilter {
    @Override
    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
        responseContext.getHeaders().add("Access-Control-Allow-Origin", "*");
        responseContext.getHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
        responseContext.getHeaders().add("Access-Control-Allow-Credentials", "true");
        responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
        responseContext.getHeaders().add("Access-Control-Max-Age", "1209600");
    }
}

To use the server.xml way:

Add the following configuration element to your server.xml:

    <!-- May need to adjust the 'domain' depending on 
         what elements you want to enable CORS for -->
    <cors domain="/"
          allowedOrigins="*"
          allowedMethods="GET, DELETE, POST, PUT"
          allowedHeaders="origin, content-type, accept, authorization, cache-control"
          maxAge="3600" />

If you are using the server.xml way with Docker, if you aren't doing so already, you need to add the server.xml configuration into your Docker image like this:

FROM open-liberty:microProfile2
ADD --chown=1001:0 build/libs/myApp.war /config/dropins
# Assuming the server.xml is in the src/main/liberty/config/ folder
COPY --chown=1001:0 src/main/liberty/config /config/
Andy Guibert
  • 41,446
  • 8
  • 38
  • 61
  • 1
    There is also an Open Liberty guide enabling CORS at https://openliberty.io/guides/cors.html, which covers the 2nd approach mentioned i.e. the server.xml way. – ykchang Jun 24 '19 at 16:01
  • I pasted the above lines in server.xml. but still same issue. Please help me out CORS setup for liberty in docker installation – Srilatha Kota Jul 08 '19 at 08:41
  • @andy-guibert I am facing same issue and tried adding element in the server.xml, but didn't worked it, Can you please help me here if any other solution available. Thanks in advance. – Ram Jadhav May 20 '20 at 14:41