Question & Answer
Question
We currently have version: z/OS Connect Enterprise Edition version 2.0.10.1 (20171016-1033)
We want to disable CORS headers and tried to set:
<cors allowCredentials="false" allowedHeaders="sadasd"
allowedMethods="asdsad" allowedOrigins="http://sdsdfsdfds.adsf" domain="
/
" id="defaultCORSConfig" maxAge="3600"/>
We also tried to comment it out:
<é-- <cors allowCredentials="true" allowedHeaders="Origin, Content-
Type, Authorization" allowedMethods="GET, POST, PUT, DELETE, OPTIONS"
allowedOrigins="*" domain="/" id="defaultCORSConfig" maxAge="3600"
/> -->
But all that doesn't help. How can we disable CORS headers?
I couldn't find exact syntax but found contradictory information:
The only valid value for this header is true (case-sensitive). If you
don't need credentials, omit this header entirely (rather than setting
its value to false).This header must be included in all valid CORS responses; omitting the
header will cause the CORS request to fail.
Have you any idea ? Thanks so much Angela
Answer
Hi Angela,
z/OS Connect EE will always send CORS headers if the client has sent an Origin header. At version 2.0.3 when support to use the Liberty standard element was added, it only allows users to further customise CORS. If the Liberty CORS support is not used, then z/OS Connect EE falls back to the original CORS support, which is always enabled.
Why do you need to disable CORS support?
Which CORS header are your two statements (1 & 2 in your question) referring to?
Thanks, Alex
Product Synonym
CICS/TS CICSTS CICS TS CICS Transaction Server;zCEE
Was this topic helpful?
Document Information
Modified date:
14 February 2023
UID
dwa1424958