Configuring Cross-Origin Resource Sharing (CORS)

As a security measure, modern web browsers restrict the types of interactions that are permitted between distinct websites. This can cause problems when attempting cross-site integration, for example when embedding the HACloud web client into another website, such as a portal. CORS is a standard mechanism that you can use to tell the browser to permit access from one site to another.

By updating the service.yml file, you can configure the HACloud session server to include the required CORS HTTP header in its responses to web requests.

  1. Open <install directory>/sessionserver/microservices/sessionserver/service.yml.

  2. Add the following to the file:

         - name: CORS_ALLOWED_ORIGINS
           value: "https://integration-server1.com"
    
  3. Restart the session server.

You can set this value to a comma-delimited list of allowed origins, or use * to allow access from all origins. Allowing this kind of open access may be a security risk. If you use the wildcard option (*), be aware that web browsers impose additional restrictions, such as limited cookie access. For more information, see Cross-Origin Resource Sharing (CORS) - HTTP/MDN.
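
The following is an added example, not part of the product documentation or HACloud code: a small Python check that audits a CORS_ALLOWED_ORIGINS value before it goes into service.yml, flagging the wildcard, non-HTTPS origins, and entries that are not a bare scheme://host[:port] origin. The function name, the finding codes and the example.com sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Finding codes and wording are this example's own, not HACloud output.
PROBLEMS = {
    "empty": "empty entry, usually a stray comma",
    "wildcard": "'*' lets any site read responses; browsers reject it for credentialed requests",
    "null-origin": "'null' is sent by sandboxed frames and local files, so it identifies no site",
    "not-an-origin": "expected scheme://host[:port]",
    "insecure-scheme": "plain-http origin: its pages can be altered in transit",
    "has-path": "an Origin header carries no path, query or fragment (check for a trailing slash)",
}


def audit_allowed_origins(value):
    """Return a list of (entry, problem_code) for a CORS_ALLOWED_ORIGINS string."""
    findings = []
    for entry in (e.strip() for e in value.split(",")):
        if entry in ("", "*", "null"):
            code = {"": "empty", "*": "wildcard", "null": "null-origin"}[entry]
            findings.append((entry, code))
            continue
        try:
            parts = urlsplit(entry)
        except ValueError:  # e.g. a malformed IPv6 literal
            findings.append((entry, "not-an-origin"))
            continue
        if parts.scheme not in ("http", "https") or not parts.hostname:
            findings.append((entry, "not-an-origin"))
            continue
        if parts.scheme == "http":
            findings.append((entry, "insecure-scheme"))
        if parts.path or parts.query or parts.fragment:
            findings.append((entry, "has-path"))
    return findings


if __name__ == "__main__":
    # Constructed sample value: the page's origin plus deliberately flawed entries.
    sample = ("https://integration-server1.com, https://portal.example.com/, "
              "http://intranet.example.com, *")
    for entry, code in audit_allowed_origins(sample):
        print(f"{entry!r}: {PROBLEMS[code]}")
```

An empty result means every entry is an exact HTTPS origin; any finding is worth resolving before restarting the session server.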