Team,
We have a requirement, where the client application is in domain, *.abc.com, but the CA SPS is in the domain *.def.com. When Implementing Rest API between these two domains, we are running into CORS issue. More info on CORS can be found at : https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.
We have implemented the following fix in Apache on CA SPS R 12.7 SP 2, on RHEL 7.3 platform to overcome the issue.
<IfModule headers_module>
Header always set Access-Control-Allow-Origin: *
Header always set Access-Control-Allow-Method: "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers: "x-requested-with, Content-Type, origin, authorization, accept, SMCHALLENGE"
Header set SMCHALLENGE "YES"
RewriteEngine On
RewriteRule "^/authazws/.*" "-" [CO=SMCHALLENGE:YES]
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>
We would like to find out if there is any better way to do and if this is approved by CA.
Thanks,
Avi