Overview
CORS is defined as Cross-Origin Resource Sharing. By default, cross-domain HTTP requests initiated by the client are not allowed for security reasons. However, it might be useful to enable such requests for specific domains in some cases.
This article shares information about enabling CORS for On-Premise Jive.
Note: For more information, refer to this linked article about CORS by Mozilla (Firefox) Support.
Information
This request is beyond the scope of Jive Support.
If you need to enable CORS for On-Premise Jive, we recommend that you consult with your internal system administrator or security team and involve our Professional Services (PS) team to design and perform the necessary changes in your architecture.
Please contact your Account Manager to engage our PS team.
General Guideline for Reference
For your reference, here is the general guideline to help you enable this feature.
Follow the format of the server config file /usr/local/jive/etc/httpd/conf/httpd.conf
to add the desired <origin>
domains for CORS, as indicated below:
Header set Access-Control-Allow-Origin "<origin>"
Header set Access-Control-Allow-Methods "GET, OPTIONS"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"
Header set Access-Control-Allow-Credentials "true"
Keep in mind that this may have adverse effects on the application stability, depending on:
- The number of calls made by the client during the runtime;
- The number of calls received by the hosts; and
- The ability of hosts to keep up an increased load.
There are several different scenarios for CORS usage. Each situation may pose different challenges and may or may not affect your Jive environment.
Note: We highly recommend that you accurately measure the performance over an extended period before and after implementing the change, especially in large-scale deployments.
Comments
0 comments
Please sign in to leave a comment.