[MAGNOLIA-8057] DOC: Configure CORS using decoration Created: 13/Apr/21  Updated: 06/May/21

Status: Selected
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Christopher Zimmermann Assignee: Martin Drápela
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
is related to MAGNOLIA-8058 DOC: Update 'What is possible in LD' ... Open
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:

 Description   

Include in documentation a common and convenient way to configure CORS which is by decoration of a site/ multisite config.yaml 

 

Here are notes from mmichel which may be useful for this task:

 

CORS headers

 

One of the common requirements when working on a light development project, is to get the CORS (Cross-Origin Resource Sharing) configuration right. Did you know that Magnolia allows to do this with less configuration than ever before?

 

Indeed, although not documented on the thorough documentation page, a consequence of module configuration decoration through YAML files totally makes it possible.

 

The prerequisites to configure CORS are indeed:

  • a REST endpoint, for the sake of the demonstration I'll use the status endpoint so we get straight to the point
  • the SiteAwareCorsFilter configured at /server/filters/cors@class, this is the default
  • and finally, a CORS module configuration for the site, at a tree like /modules/multisite/config/sites/<YOUR_SITE>/cors/<YOUR_SITE_CORS_NAME>

 

Since this configuration 1. lives in the modules workspace, 2. already exists, then that means we can use definition decoration from the scope of a light module to extend it. Create the following file at the following path: modules/<YOUR_LIGHT_MODULE>/decorations/multisite/config.yaml.

 

In that file, you can configure CORS as you would traditionally:

 

sites:

  fallback:

    cors:

      fallback:

        uris:

          rest:

            patternString: /.rest/*

        allowedOrigins:

          - http://localhost:8080

        allowedMethods:

          - GET

        allowedHeaders:

          - Accept

          - Content-Type

          - Origin

          - X-PINGOTHER

          - X-Requested-With

 

Except you get the following benefits:

 

  • this configuration is independent from the instance's configuration. You do not need to write it to JCR using a Java-based module.
  • it lives in a plain-text file that can easily be added to a Git repository, with all the benefits this includes,
  • updating this configuration is also much easier. Just update the file and let Magnolia pick the change up!

 



 Comments   
Comment by Maxime Michel [ 14/Apr/21 ]

Would be great to publish this after my technical newsletter article, otherwise, well, there's no point in me having written that for that channel in the first place.

Generated at Mon Feb 12 04:29:15 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.