Configuring Cross Origin Resource Sharing on a Liberty server


You can enable Cross Origin Resource Sharing (CORS) for your web applications on a Liberty server.

Enabling CORS will allow JavaScript clients to make requests against your application on the Liberty server even if the client and the server are on two different domains. Web browsers prevent these requests due to same-origin policy.

I create the following configuration on my local machine  on server.xml file:

<cors domain="/ApplicationContext" <-- application context. It will work only for this app.
   allowedOrigins="http://localhost:8080"  <-- this is my local Node.js Server.
   allowedMethods="GET, HEAD, POST, PUT"
   allowedHeaders="Referer, Cache-Control, Pragma, Accept, Accept-Language, Accept-Encoding, Accept-Charset, Content-Type, Content-Length, User-Agent, Authorization, passwd, X-Update-Nonce, X-Shindig-ST, X-IC-CRE-Request-Origin, X-IC-CRE-User, X-LConn-Auth, Accept*, Content*, Access-Control-Allow-Origin*"
exposeHeaders="Content-Type, Last-Modified, etag"
allowCredentials="true" maxAge="3600" />