Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-8057

DOC: Configure CORS using decoration

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • Neutral
    • None
    • None
    • None
    • None

    Description

      Include in documentation a common and convenient way to configure CORS which is by decoration of a site/ multisite config.yaml 

       

      Here are notes from mmichel which may be useful for this task:

       

      CORS headers

       

      One of the common requirements when working on a light development project, is to get the CORS (Cross-Origin Resource Sharing) configuration right. Did you know that Magnolia allows to do this with less configuration than ever before?

       

      Indeed, although not documented on the thorough documentation page, a consequence of module configuration decoration through YAML files totally makes it possible.

       

      The prerequisites to configure CORS are indeed:

      • a REST endpoint, for the sake of the demonstration I'll use the status endpoint so we get straight to the point
      • the SiteAwareCorsFilter configured at /server/filters/cors@class, this is the default
      • and finally, a CORS module configuration for the site, at a tree like /modules/multisite/config/sites/<YOUR_SITE>/cors/<YOUR_SITE_CORS_NAME>

       

      Since this configuration 1. lives in the modules workspace, 2. already exists, then that means we can use definition decoration from the scope of a light module to extend it. Create the following file at the following path: modules/<YOUR_LIGHT_MODULE>/decorations/multisite/config.yaml.

       

      In that file, you can configure CORS as you would traditionally:

       

      sites:

        fallback:

          cors:

            fallback:

              uris:

                rest:

                  patternString: /.rest/*

              allowedOrigins:

                - http://localhost:8080

              allowedMethods:

                - GET

              allowedHeaders:

                - Accept

                - Content-Type

                - Origin

                - X-PINGOTHER

                - X-Requested-With

       

      Except you get the following benefits:

       

      • this configuration is independent from the instance's configuration. You do not need to write it to JCR using a Java-based module.
      • it lives in a plain-text file that can easily be added to a Git repository, with all the benefits this includes,
      • updating this configuration is also much easier. Just update the file and let Magnolia pick the change up!

       

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                mdrapela Martin Drápela
                czimmermann Christopher Zimmermann
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:

                  Checklists

                    Task DoR