How to enable the cross-origin resource sharing support in Talend MDM

author
Talend Documentation Team
EnrichVersion
6.5
EnrichProdName
Talend MDM Platform
Talend Data Fabric
task
Administration and Monitoring > Monitoring services
EnrichPlatform
Talend MDM Server

Cross-origin resource sharing support in MDM

You can enable the support of cross-origin resource sharing (CORS) in MDM when developing a web application consuming MDM REST resources.

By default, MDM does not support cross-origin resource sharing for security reasons.

This article applies to all Talend Platform products with MDM 6.0 and later.

What is cross-origin resource sharing?

The following explain the basic concepts of cross-origin resource sharing.

An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.

For more information about CORS and how it works, refer to http://www.html5rocks.com/en/tutorials/cors/.

How to enable cross-origin resource sharing in MDM

The following introduce how to enable the cross-origin resource sharing support in MDM before consuming MDM REST resources.

Procedure

  1. Stop your Tomcat server.
  2. Browse to the file <TomcatPath>/webapps/talendmdm/WEB-INF/web.xml and open it.
  3. Add the following web application filter:
    <!-- CORS for development only -->
    <filter>
       <filter-name>CorsFilter</filter-name>
       <filter-class>com.amalto.core.util.CorsFilter</filter-class>
       <init-param>
          <param-name>allowed-origin</param-name>
          <param-value>YOUR WEB APP URL</param-value>
       </init-param>
    </filter>
    <filter-mapping>
       <filter-name>CorsFilter</filter-name>
       <url-pattern>/services/rest/*</url-pattern>
    </filter-mapping>

    In the filter, "YOUR WEB APP URL" indicates the base URL of your web application as displayed in your web browser, for example, http://192.168.174.170:3000.

    Because MDM REST services require authentication, this URL is mandatory and cannot use a wildcard (*).

  4. Restart the Tomcat server.
  5. Verify that the cross-origin resource sharing support is enabled successfully.
    You can try to access an MDM resource from a web browser with developer tools and check that the following HTTP headers are sent back in the response body:
     Access-Control-Allow-Credentials: true
    
     Access-Control-Allow-Headers: x-requested-with
    
     Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT, PATCH
    
     Access-Control-Allow-Origin: YOUR WEB APP URL
    
     Access-Control-Max-Age: 3600