CORS Filter

Before consuming Everyware Cloud REST APIs from an HTML Web Application hosted on a different domain, the CORS Filter must be configured to allow traffic from that specific source. More info on CORS.

A specific Origin can be whitelisted as a system-wide setting during deployment, or on a per-account basis at runtime.

CORS and SwaggerUI

The SwaggerUI interface provided with Everyware Cloud is an example of an HTML Web Application, so the CORS filter has to be configured to allow that specific Origin.

Whitelisting an Origin for all Accounts

A CORS Origin can be configured system-wide using the containerApi.env.corsOriginsAllowed parameter of the REST API Helm Chart.

This parameter is set in the override values file and accepts a comma-separated list of Origins. See the Installation section for more details on how to use the Helm Charts.

...
containerApi:
  env:
    corsOriginsAllowed: 'http://api.example.com,https://api.example.com'
...
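
A pre-deployment check for the value above, as an added example that is not part of the Everyware Cloud documentation or product code: it splits a corsOriginsAllowed string and flags entries that are not a bare scheme://host[:port] Origin. The function names and the strictness (surrounding whitespace, wildcards and duplicates are reported) are assumptions of this example, not documented behaviour of the filter.

```python
from urllib.parse import urlsplit


def check_origin(origin):
    """Return the problems found in one Origin entry (empty list means OK)."""
    problems = []
    if origin != origin.strip():
        problems.append("surrounding whitespace")
        origin = origin.strip()
    if not origin:
        return ["empty entry"]
    if "*" in origin:
        problems.append("wildcard instead of a specific Origin")
    try:
        parts = urlsplit(origin)
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return problems + ["malformed URL or invalid port"]
    if parts.scheme not in ("http", "https"):
        problems.append("missing or unsupported scheme")
    if not parts.hostname:
        problems.append("missing host")
    if parts.username or parts.password:
        problems.append("credentials are not part of an Origin")
    if parts.path or parts.query or parts.fragment:
        problems.append("path, query or fragment is not part of an Origin")
    return problems


def check_cors_origins_allowed(value):
    """Validate a comma-separated corsOriginsAllowed string.

    Returns {entry as written: [problems]} for the faulty entries only.
    """
    report, seen = {}, set()
    for entry in value.split(","):
        problems = check_origin(entry)
        key = entry.strip().lower()
        if key and key in seen:
            problems.append("duplicate entry")
        seen.add(key)
        if problems:
            report[entry] = problems
    return report


if __name__ == "__main__":
    # Constructed sample value; only the first two entries come from the page.
    sample = "http://api.example.com,https://api.example.com,https://ui.example.com:8443/,*"
    print(check_cors_origins_allowed(sample))
```

An empty report means every entry is a well-formed Origin; the same check_origin function can be applied to a single value before it is entered in the per-account CORS tab.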

Whitelisting an Origin for a given Account

An Origin can be whitelisted for a given account. That Origin is then allowed to consume REST APIs whenever a user from that account, or from any child account that has no Origins whitelisted of its own, performs a login.

In order to whitelist a specific Origin:

  • Go to the Settings page, then the CORS tab
  • Click on the Add button
  • Enter the desired origin (including http:// or https:// and the port) and click Submit

The list of whitelisted origins is refreshed every 60 seconds by default. This value can be changed via the api.cors.refresh.interval system property / API_CORS_REFRESH_INTERVAL environment variable.