AnsweredAssumed Answered

CORS Config not working for Search API

Question asked by boyzoid on Sep 26, 2018

Let me start by saying that I am very new to Alfresco.

 

I am working on a web based app that will use the Alfresco API to upload and list/search documents.

 

Last week, I was unable to upload documents form a browser because of CORS. I was able to get that working by adding the following to web.xml in Tomcat.

 

<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowSubdomains</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>origin, authorization, x-file-size, x-file-name, content-type, accept, x-file-type</param-value>
</init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.maxAge</param-name>
<param-value>3600</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/api/*</url-pattern>
<url-pattern>/service/*</url-pattern>
<url-pattern>/s/*</url-pattern>
<url-pattern>/cmisbrowser/*</url-pattern>
</filter-mapping>

 

Here is the API URL I was accessing: http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-/children

 

Everything works as expected and I see the Access-Control-Allow-* headers in the response:

 

 

Earlier this week, I started working on the process to search documents that have been uploaded. Surprisingly, I am getting errors in the browser because of CORS issues.

 

Here is the API URL I am using for search: http://localhost:8080/alfresco/api/-default-/public/search/versions/1/search

 

When I look at the response in Chrome Dev tools, I am not seeing the Access-Control-Allow-* headers.

 

 

Can someone shed some light on why/how the CORS config is being ignored (or stripped out?) when using the Search API?

 

Thanks!

Outcomes