Securing Cross-Site Requests to MCS APIs by Lonneke Dikmans

Posted: May 26, 2017 in Cloud, Mobile
Tags: , , ,
image

When your Oracle Mobile Cloud Service APIs are being accessed by a remote server, it is important you manage cross-origin resource sharing (CORS) We ran into this issue when we were building the solution for the Oracle cloud day. The MCS APIs were accessed by a Web Application that was hosted on a different domain, not on our Oracle PaaS domain. When calling an API from the application, we received the error:
XMLHttpRequest cannot load: [request url]. Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin [origin domain] is therefore not allowed access. The response had HTTP status 401.
You can either disallow CORS altogether, or whitelist specific sites.  This is done by setting a property in policies.properties: Security_AllowOrigin.
An example of the property can be seen below: Read the complete article here.

WebLogic Partner Community

For regular information become a member in the WebLogic Partner Community please visit: http://www.oracle.com/partners/goto/wls-emea ( OPN account required). If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn Forum Wiki

Technorati Tags: WebLogic Community,Oracle,OPN,Jürgen Kress

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s