How to Enable CORS in CRXDE Lite/AEM

2019-06-07 19:39发布

站内问答 / 后端开发
1258 2 6

We use CRX DE lite/Adobe EM as our backend for our Angularjs SPA UI/frontend. How can we set CORS for this backend technology? We have access to the tool http://localhost:4502/crx/de/index.jsp to change settings. But we are not sure how to set CORS enabled.

Please advice.

标签: cors aem crx
举报
2条回答
再贱就再见
2楼-- · 2019-06-07 20:06

There are two OSGi services worth looking at (although I never tried to get them)

  • com.adobe.cq.social.commons.cors.CORSAuthInfoPostProcessor
  • com.adobe.cq.social.commons.cors.CORSAuthenticationFilter

What I wound up doing (at first) was creating a service that implemented AuthenticationInfoPostProcessor. There, I set the following headers:

  • Access-Control-Allow-Credentials
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Methods

And everything was fine for GET requests. But when we tried POST, we ran into the issue that the browser was sending the pre-flight OPTIONS request which was failing because the browser was not doing it with login-token cookie.

Then we tried a @SlingFiter, however that falls in the normal sling pipeline, therefore it was after authentication was checked, so having no auth cookie, the pre-flight would always fail.

Finally, we implemented a filter with the following annotations:

@Component(immediate = true)
@Service(value = Filter.class)
@Properties({ @Property(name = "pattern",
                        value = "/.*"),
              @Property(name = Constants.SERVICE_RANKING,
                        intValue = 1000) })

The key here was the pattern property, which registers the filter as an Apache Felix Whiteboard filter, not Sling. See here. So the filter will set CORS headers for OPTIONS and return, and set CORS headers for everything else, and pass the request to the next filter in the chain.

查看更多
0人赞 添加讨论(0) 举报
相关推荐>>
3楼-- · 2019-06-07 20:16

I don't know where to enable CORS in AEM (or if it's possible at all, I'd look in the OSGi console http://localhost:4502/system/console/configMgr if anywhere) but one way to work around CORS issues would be to expose AEM and the frontend in the same domain, which should be fairly easy by setting up a proxy on Apache.

On the Apache server in front of your AEM publish instance, in the httpd.conf, you could do something like this:

ProxyPass /your-frontend http://whatever.it.runs.on/actual-path-to-the-frontend/
ProxyPassReverse /your-frontend http://whatever.it.runs.on/actual-path-to-the-frontend/
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)