Cross-Origin Resource Sharing

Contents

Overview
Examples of Same Origins
Examples of Different Origins

Overview

LiveView supports Cross-Origin Resource Sharing (CORS) by enabling one resource origin (such as a LiveView server on the back end) to share LiveView data with another server (such as a customer's front end web server).

You configure origin resource sharing by setting a system property in a HOCON configuration file of type com.tibco.ep.ldm.configuration.ldmengine, which must reside in the src/main/configurations folder of your LiveView project in StreamBase Studio.

See LiveView Engine Configuration for more information on this file type's configuration options.

System property example:

name = "myldmengine"
version = "1.0.0"
type = "com.tibco.ep.ldm.configuration.ldmengine"
configuration = {
  LDMEngine = {
   systemProperties = {"liveview.server.allowedOrigins" = "*" }
  }
}

The system property can contain a comma-separated list of origins that are allowed to access the resources, where an origin is defined by the URI scheme (such as protocol), host (domain), and port of the URL used to access it. Note that two objects are the same origin when the scheme, host, and port all match.

In the example above, the line "liveview.server.allowedOrigins" = "*" means all origins.

If an allowed origin contains one or more * characters (such as in http://*.domain.com), then * characters are converted to .* whereas . characters are escaped to \. and the resulting allowed origin is interpreted as a regular expression. Allowed origins can therefore be more complex expressions such as https?://*.domain.[a-z] that matches http or https, multiple subdomains, and any three-letter top-level domain (such as .com, .net, .org, and so on).

Examples of Same Origins

The following examples contains the same origin because the scheme (http) and host (example.com) are identical: 

http://example.com/app1/index.html
http://example.com/app2/index.html

The following examples contains the same origin because a server delivers HTTP content through port 80 by default and case-insensitive:

http://Example.com:80
http://example.com

Examples of Different Origins

The following examples contain different schemes:

http://example.com/app1
https://example.com/app2

The following examples contain different hosts:

http://example.com
http://www.example.com
http://myapp.example.com

The following examples contain different ports:

http://example.com
http://example.com:8080