How to enable the cross-origin resource sharing support in Talend MDM - 8.0

English (United States)
Talend MDM Platform
Talend MDM Server
Administration and Monitoring > Monitoring services

Cross-origin resource sharing support in MDM

You can enable the support of cross-origin resource sharing (CORS) in MDM when developing a web application consuming MDM REST resources.

By default, MDM does not support cross-origin resource sharing for security reasons.

What is cross-origin resource sharing?

The following explain the basic concepts of cross-origin resource sharing.

An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.

For more information about CORS and how it works, refer to

How to enable cross-origin resource sharing in MDM

The following introduce how to enable the cross-origin resource sharing support in MDM before consuming MDM REST resources.


  1. Stop your Tomcat server.
  2. Browse to the file <TomcatPath>/webapps/talendmdm/WEB-INF/web.xml and open it.
  3. Add the following web application filter:
    <!-- CORS for development only -->
          <param-value>YOUR WEB APP URL</param-value>

    In the filter, "YOUR WEB APP URL" indicates the base URL of your web application as displayed in your web browser, for example,

    Because MDM REST services require authentication, this URL is mandatory and cannot use a wildcard (*).

  4. Restart the Tomcat server.
  5. Verify that the cross-origin resource sharing support is enabled successfully.
    You can try to access an MDM resource from a web browser with developer tools and check that the following HTTP headers are sent back in the response body:
    Access-Control-Allow-Credentials: true
     Access-Control-Allow-Headers: x-requested-with, Authorization, Content-Type
     Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT, PATCH
     Access-Control-Allow-Origin: YOUR WEB APP URL
     Access-Control-Max-Age: 3600