Cross-origin resource sharing support in MDM
By default, MDM does not support cross-origin resource sharing for security reasons.
This article applies to all Talend Platform products with MDM 6.0 and later.
What is cross-origin resource sharing?
An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.
For more information about CORS and how it works, refer to http://www.html5rocks.com/en/tutorials/cors/.
How to enable cross-origin resource sharing in MDM
- Stop your Tomcat server.
- Browse to the file <TomcatPath>/webapps/talendmdm/WEB-INF/web.xml and open it.
Add the following web application filter:
<!-- CORS for development only --> <filter> <filter-name>CorsFilter</filter-name> <filter-class>com.amalto.core.util.CorsFilter</filter-class> <init-param> <param-name>allowed-origin</param-name> <param-value>YOUR WEB APP URL</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/services/rest/*</url-pattern> </filter-mapping>
In the filter, "YOUR WEB APP URL" indicates the base URL of your web application as displayed in your web browser, for example, http://192.168.174.170:3000.
Because MDM REST services require authentication, this URL is mandatory and cannot use a wildcard (*).
- Restart the Tomcat server.
Verify that the cross-origin resource sharing support is enabled
You can try to access an MDM resource from a web browser with developer tools and check that the following HTTP headers are sent back in the response body:
Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: x-requested-with, Authorization, Content-Type Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT, PATCH Access-Control-Allow-Origin: YOUR WEB APP URL Access-Control-Max-Age: 3600