Implementing CORS headers

Discussion created by jlisburn on Sep 10, 2018
Latest reply on Sep 11, 2018 by nicolai

I'm trying to get information from another system via XML and it is reporting and error when making its call to the FM server:


No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://the_originating_system_is_listed_here' is therefore not allowed access. The response had HTTP status code 401


I've tried adding following code to the http.conf (and the 2.4) and also putting that info into an .htaccess file as described (https://enable-cors.org/server_apache.html ), but I can't get it to work, my SSL is working correctly (thanks guys)


Header always set Access-Control-Allow-Origin "*"




AllowOverride All

Header always set Access-Control-Allow-Origin "https://the_originating_system_is_listed_here"

Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"

Header always set Access-Control-Max-Age "1000"

Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-sec$"



Where should this code officially go for FM apache install (MacOS)? Is my code correct, and do I need it all?