Configure the CORS implementation

CORs is pre-configured, but disabled, by default.

To enable CORs, you must make a change to the substitution variables by, at a minimum, adding the appropriate headers to the cors.allowedHeaders variable. Also, by default, the cors.allowedDomains variable is set to *, which opens all domains. This should be set to only allow the required domains.

Procedure

  1. Log on to TIBCO ActiveMatrix Administrator.
  2. Click Applications.
  3. Select amx.bpm.app > System > amx.bpm.app.
  4. From the General tab, select com.tibco.amxbpm.fullnode > RestServices > implementation.CORS.

    The CORS implementation Details pane opens.

  5. To view the Properties and Substitution Variables, do the following:
    1. Click the Properties link for the CORS Properties.
    2. Click the Substitution Variables link, and expand BPMNode for the Substitution Variables.
  6. To edit the Properties and Substitution Variables, do the following:
    1. Click the Properties tab, find the property in the Property Name column, and edit the value in the Property Value column.
    2. Click the Substitution Variables tab, find the variable in the Substitution Variable Name column, and edit the value in the Local Value column (if multiple values are specified, comma-separate them).
    3. Click Save to save changes.

    A systems administrator should edit the following Substitution Variables:

    • cors.allowedOrigins

      This is set to * by default, which opens all domains. It should be set to only the required domains.

    • cors.allowedHeaders
      At a minimum, you will need to add the following headers to this substitution variable:
      • content-type, authorization
      However, depending on your situation, additional headers may be required. As an example:
      • content-type, authorization, Cache-Control, Pragma, Origin, X-Requested-With, Access-Control-Allow-Headers
  7. Re-deploy the amx.bpm.app application for the changes to take effect.