Configure the CORS Implementation

CORS is pre-configured, but disabled, by default.

To allow a CORS request from a domain other than the one in which the ActiveMatrix BPM system is hosted, you need to add the domain to the BPM node's allowed referrers list.

Procedure

  1. Add the domain (from which you want to allow HTTP requests to ActiveMatrix BPM) to the referrers list, using the com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers node-level JVM property. For example: 
    com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers=example.com

    See "HTTP Request Referrer Header Validation" in TIBCO ActiveMatrix BPM SOA Administration for more information.

  2. Restart the node.
  3. If you want to provide more granular control over the access from this domain, edit the amx.bpm.app application-level CORS substitution variables to suit your requirements:
    1. Log in to TIBCO ActiveMatrix Administrator.
    2. Click Applications.
    3. Select amx.bpm.app > System > amx.bpm.app.
    4. On the Substitution Variables tab, find the variable in the Substitution Variable Name column, and edit the value in the Local Value column (if multiple values are specified, comma-separate them).
  4. Re-deploy the amx.bpm.app application for the changes to take effect.