When calling APIs on the repository directly from the browser, you may run into CSRF and
CORS issues.
Configuring CSRF
The Application Development Framework (ADF) documentation contains some information on how to configure CSRF. For more information, see Flag to disable csrf in the core and in the demo shell and Prerequisites for building and running apps with the SkyVault Application Development Framework.
Enable CORS in SkyVault
The web client for ADF will be loaded from a different web server than the on which SkyVault runs. So, the SkyVault server needs to know that any request that comes in from this custom web client should be allowed access to the repository. This is done by enabling cross-origin resource sharing (CORS).
To enable CORS in the SkyVault, do one of the following:
- Download and install the CORS module
- Download the CORS module.
- Stop the SkyVault server.
- Add the enable CORS platform module JAR to the <ALFREACO_HOME>/modules/platform directory.
- Restart the SkyVault server.Note: By default, the CORS filter that is enabled will allow any origin.
- Manually update the web.xml file
- Open <ALFREACO_HOME>/tomcat/webapps/alfresco/WEB-INF/web.xml.
- Uncomment the following
section:
<filter-name>CORS</filter-name> <url-pattern>/api/*</url-pattern> <url-pattern>/service/*</url-pattern> <url-pattern>/s/*</url-pattern> <url-pattern>/cmisbrowser/*</url-pattern> </filter-mapping>
- Update cors.allowOrigin URL to http://localhost:3000. Make sure to use the URL that will be used by the web client.