Enabling CORS

If you want to use an external web site to call Spectrum™ Technology Platform, Cross-Origin Resource Sharing (CORS) must be enabled. CORS prevents unauthorized web applications from using services from a server like the Spectrum™ Technology Platform. You can find more information on enabling CORS in your Spectrum™ Technology Platform Administration Guide.

  1. Edit the spectrum-advanced.properties in the Spectrum/server/app/conf folder.
  2. Set the spectrum.jetty.cors.enabled property to true to enable CORS. The default is false.
  3. Add your web server host name to the spectrum.jetty.cors.allowedOrigins property that contains a comma separated list of origins that are allowed to access resources on the Spectrum™ Technology Platform server. The default value is http://localhost:8080,http://localhost:443.
    Change to something similar to:
    spectrum.jetty.cors.allowedOrigins=http://myserver:port.
    In this example, myserver is the machine name for the web server. The machine name is case sensitive. You need to change that to your server (machine) name. In most cases, the server name needs to be in lower case. Also, define the port that the web server uses.
  4. In the spectrum-advanced.properties file, to allow CORS authentication, add ", Authorization” to the end of the spectrum.jetty.cors.allowedHeaders option. For example: 
    spectrum.jetty.cors.allowedHeaders=X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Authorization