We use CRX DE lite/Adobe EM as our backend for our Angularjs SPA UI/frontend. How can we set CORS for this backend technology? We have access to the tool http://localhost:4502/crx/de/index.jsp to change settings. But we are not sure how to set CORS enabled.
Please advice.
There are two OSGi services worth looking at (although I never tried to get them)
What I wound up doing (at first) was creating a service that implemented AuthenticationInfoPostProcessor. There, I set the following headers:
And everything was fine for GET requests. But when we tried POST, we ran into the issue that the browser was sending the pre-flight OPTIONS request which was failing because the browser was not doing it with login-token cookie.
Then we tried a @SlingFiter, however that falls in the normal sling pipeline, therefore it was after authentication was checked, so having no auth cookie, the pre-flight would always fail.
Finally, we implemented a filter with the following annotations:
@Component(immediate = true)
@Service(value = Filter.class)
@Properties({ @Property(name = "pattern",
value = "/.*"),
@Property(name = Constants.SERVICE_RANKING,
intValue = 1000) })
The key here was the pattern property, which registers the filter as an Apache Felix Whiteboard filter, not Sling. See here. So the filter will set CORS headers for OPTIONS and return, and set CORS headers for everything else, and pass the request to the next filter in the chain.
I don't know where to enable CORS in AEM (or if it's possible at all, I'd look in the OSGi console http://localhost:4502/system/console/configMgr if anywhere) but one way to work around CORS issues would be to expose AEM and the frontend in the same domain, which should be fairly easy by setting up a proxy on Apache.
On the Apache server in front of your AEM publish instance, in the httpd.conf, you could do something like this:
ProxyPass /your-frontend http://whatever.it.runs.on/actual-path-to-the-frontend/
ProxyPassReverse /your-frontend http://whatever.it.runs.on/actual-path-to-the-frontend/
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 老娘就宠你 的文章《How to Enable CORS in CRXDE Lite/AEM》','https://www.manongdao.com/article-918107.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}