Skip to content

Commit

Permalink
Enhance CORS configuration for commerce web services in common.proper…
Browse files Browse the repository at this point in the history 
…ties and local.properties
  • Loading branch information
vahid.mehrjouei committed Dec 9, 2024
1 parent 2e93ffa commit 1a356c9
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 3 deletions.
10 changes: 7 additions & 3 deletions core-customize/hybris/config/environments/common.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,13 @@ occ.rewrite.overlapping.paths.enabled=true

corsfilter.acceleratorservices.allowedOrigins=${ccv2.services.jsapps.url.0} ${ccv2.services.accstorefront.url.0}
corsfilter.permissionswebservices.allowedOrigins=${ccv2.services.jsapps.url.0} ${ccv2.services.accstorefront.url.0}
corsfilter.commercewebservices.allowedOrigins=${ccv2.services.jsapps.url.0} ${ccv2.services.accstorefront.url.0}
corsfilter.commercewebservices.allowedHeaders=origin content-type accept authorization cache-control x-anonymous-consents x-profile-tag-debug x-consent-reference
corsfilter.commercewebservices.exposedHeaders=x-anonymous-consents

corsfilter.commercewebservices.allowedOriginPatterns=*
corsfilter.commercewebservices.allowedMethods=GET HEAD OPTIONS PATCH PUT POST DELETE
corsfilter.commercewebservices.allowedHeaders=origin content-type accept authorization cache-control if-none-match x-anonymous-consents x-profile-tag-debug x-consent-reference occ-personalization-id occ-personalization-time
corsfilter.commercewebservices.exposedHeaders=x-anonymous-consents occ-personalization-id occ-personalization-time
corsfilter.commercewebservices.allowCredentials=true

corsfilter.assistedservicewebservices.allowedOrigins=${ccv2.services.jsapps.url.0} ${ccv2.services.accstorefront.url.0}
corsfilter.assistedservicewebservices.allowedHeaders=origin content-type accept authorization cache-control x-anonymous-consents x-profile-tag-debug x-consent-reference
corsfilter.assistedservicewebservices.exposedHeaders=x-anonymous-consents
Expand Down
6 changes: 6 additions & 0 deletions core-customize/hybris/config/local.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,9 @@ csrf.allowed.url.patterns=/[^/]+(/[^?]*)+(sop/response)$,/[^/]+(/[^?]*)+(merchan
# enable payment mocks for local env
acceleratorservices.payment.sopmock.enabled=true
acceleratorservices.payment.hopmock.enabled=true

corsfilter.commercewebservices.allowedOriginPatterns=*
corsfilter.commercewebservices.allowedMethods=GET HEAD OPTIONS PATCH PUT POST DELETE
corsfilter.commercewebservices.allowedHeaders=origin content-type accept authorization cache-control if-none-match x-anonymous-consents x-profile-tag-debug x-consent-reference occ-personalization-id occ-personalization-time
corsfilter.commercewebservices.exposedHeaders=x-anonymous-consents occ-personalization-id occ-personalization-time
corsfilter.commercewebservices.allowCredentials=true

0 comments on commit 1a356c9

Please sign in to comment.