CORS header support for WSO2 App Server with Apache Proxy
I will be explaining how to provide support for CORS (Cross Origin Resource Sharing) headers for JAX-RS services hosted on WSO2 Application Server. The support will be provided using Apache which is the proxy. I am going to use a sample deployed in WSO2 App server to demonstrate.
I have written a previous blog post on setting up SSL on Apache servers . Please refer that for instructions on setting up SSL. Below is the configuration to setup CORS. Substitute ’10.100.0.167’ for the machine IP/domain.
You need to have the below mods enabled in order for the above configuration to work.
What happens in the above config is that it will automatically generate the response for the preflight request (OPTIONS). This is done by the below config snippet
There are several headers that need to be setup for to enable CORS. They are setup using the headers module.
An interesting thing I am doing here is - using the Origin header to write back the Access-Control-Allow-Origin. It is generally recommended to only allow required methods and explicit headers.
If run the above code snippet, commenting the headers in the apache config file - we’ll be getting the below errors from the browser.
If successfully - you’ll get a 400 response (since the payload is incorrect) but the request passed through to the WSO2 App server.