Configuring Cross-Origin Resource Sharing (CORS) - Platform - BlueCat Gateway - 22.4.1

Gateway Administration Guide

Locale
English (United States)
Product name
BlueCat Gateway
Version
22.4.1

Specify the CORS response headers for BlueCat Gateway.

Cross-Origin Resource Sharing is the HTTP header-based mechanism that lets a server indicate different origins than its own from which a browser should allow loading of resources. The origin of any web content is defined by the scheme (protocol), host (domain), and port of the URL used to access it. CORS also relies on a mechanism by which browsers make a preflight request to the server hosting the cross-origin resource, to check that the server will permit the actual request. The CORS mechanism supports secure cross-origin requests and data transfer between browsers and servers.

For more information on Cross-Origin Resource Sharing (CORS), refer to https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

To configure the Cross-Origin Resource Sharing response headers for BlueCat Gateway:

  1. Log in to BlueCat Gateway.

  2. Select Administration > Configurations > General Configuration.

  3. Click Security.

  4. In the Cross-Origin Resource Sharing section, configure the following.
    • In Allow Origin, specify the domain or domains from which cross-site access to the site's resources should be allowed. No other domain will be able to access the resource in a cross-site manner. To specify multiple domains, use a comma-separated list. By default, Allow Origin is set to the * wildcard, which means that any origin can access the resource.

    • In Allow Methods, enter a comma-separated list of allowed methods with which the resource can be queried. By default, Allow Methods is set to the following:
      GET,HEAD,POST,OPTIONS,PUT,PATCH,DELETE
    • In Allow Headers, enter a comma-separated list of permitted headers to use with the request. By default, the value is set to the * wildcard, allowing any header.

    • In Expose Headers, specify a comma-separated list of permitted headers to be exposed to the browser.

    • In Max Age (seconds), specify the maximum amount of time (in seconds) that the response to the preflight request can be cached without sending another preflight request.

    • Select the Send Wildcard for Origin checkbox to send a wildcard (*) as the origin.

    • Select the Allow Credentials checkbox to indicate whether or not the resonse to the request can be exposed when the credentials flag is true. Doing so enables the Access-Control-Allow-Credentials header.

    • Select the Send Vary Header checkbox to send Vary response headers. Do so if (for example) the server specifies a single dynamic origin instead of the * wildcard. In these cases, the server should include Origin in the Vary response header, indicating that the CORS headers are dynamic and should not be cached.

    • Select the Always send CORS header checkbox to always request CORS, meaning that the request includes an Origin header.

  5. When you're done, click Save.
    Note: You must restart the BlueCat Gatewaycontainer for changes to the Cross-Origin Resource Sharing (CORS) configuration to take effect.