Enhanced Cross Origin Resource Sharing Configuration | HCL Digital Experience

Enhanced Cross Origin Resource Sharing Configuration adds new options for HCL Digital
 Experience administrators to set configuration for CORS using a WP configuration service in
 the IBM WebSphere Application Server resource environment provider. This new configuration
 option is supported with HCL DX 9.5 Container Update CF195 and higher, and HCL DX CF196 and
 higher for customers deploying to on premises platforms.


CORS stands for "Cross Origin Resource Sharing" and describes a pattern on how to
 share data between different source origins for JavaScript. There is high demand
 within the Web Community to mashup services and combine them in a common UI. Up
 until this option, Web browsers did not allow requests to systems to be send across
 Origin borders. CORS changes this paradigm and now pushes the responsibility for
 such verifications to the Web server. To support this, the server side needs to
 differentiate if the incoming request is trusted and should be processed, or if it
 should be blocked.

How to work with CORS in HCL DX

It is possible to control which origins can work with an instance of HCL Digital
 Experience core Portal and Web Content services. By default, DX only grants
 JavaScript of the same origin access to functions of the DX server. You can modify
 this default by configuring a list of trusted domains inside of DX. Prior to this
 configuration update, the list of trusted domains had to be defined in the DX
 web.xml, which added steps to deploy and update.

Reference the existing documentation on the HCL Support Site – Technote that presents
 these steps, for the current supported deployment pattern: DX CORS Headers

This enhancement, available with HCL DX 9.5 Container Update CF195 and higher enables
 the configuration to be set inside the WP ConfigService IBM WebSphere Application
 Server resource environment provider. The change requires a restart of HCL DX Core. 


The sample below shows how to define the properties for two

test.hcl.com com.ibm.portal.cors.domain.0.methods=PUT, GET 




Configuration explanation

Defines the max age for the granted permission. Default value is
Defines the methods allowed for this domain. Default is GET,
Headers to allow.
Headers to expose.