AnsweredAssumed Answered

CORS on CA SPS Federation Gateway

Question asked by Avi_Duthaluri on Mar 1, 2018
Latest reply on Mar 6, 2018 by Avi_Duthaluri

Team,

 

We have a requirement, where the client application is in domain, *.abc.com,  but the CA SPS is in the domain *.def.com. When Implementing Rest API between these two domains, we are running into CORS issue. More info on CORS can be found at : https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.

 

We have implemented the following fix in Apache on CA SPS R 12.7 SP 2, on RHEL 7.3 platform to overcome the issue.

 

<IfModule headers_module>
Header always set Access-Control-Allow-Origin: *
Header always set Access-Control-Allow-Method: "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers: "x-requested-with, Content-Type, origin, authorization, accept, SMCHALLENGE"
Header set SMCHALLENGE "YES"
RewriteEngine On
RewriteRule "^/authazws/.*" "-"  [CO=SMCHALLENGE:YES]
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>

 

 

We would like to find out if there is any better way to do and if this is approved by CA.

 

Thanks,

Avi

Outcomes