LiveView supports Cross-Origin Resource Sharing (CORS) by enabling one resource origin (for example, a LiveView server on the back end) to share LiveView data with another server (such as a customer's front end web server).
You configure origin resource sharing by setting a property in a liveview.properties
file. For example:
liveview.server.allowedOrigins=http://localhost
The property can contain a comma-separated list of origins that are allowed to access the resources, where an origin is defined by the URI scheme (such as protocol), host (domain), and port of the URL used to access it. Note that two objects are the same origin when the scheme, host, and port all match.
The default value is http://localhost
, meaning by default, nobody can request from cross domain sites.
Using a value of *
means allow all origins. For example:
liveview.server.allowedOrigins=*
If an allowed origin contains one or more *
characters (for example http://*.domain.com
), then *
characters are converted to .*
whereas .
characters are escaped to \.
and the resulting allowed origin interpreted as a regular expression. Allowed origins can therefore be more complex expressions
such as https?://*.domain.[a-z]
that matches http or https, multiple subdomains, and any three-letter top-level domain (such as .com, .net, .org, and so
on).
The following examples contains the same origin because the scheme (http) and host (example.com) are identical:
http://example.com/app1/index.html http://example.com/app2/index.html
The following examples contains the same origin because a server delivers HTTP content through port 80 by default and case-insensitive:
http://Example.com:80 http://example.com
The following examples contain different schemes:
http://example.com/app1 https://example.com/app2
The following examples contain different hosts:
http://example.com http://www.example.com http://myapp.example.com
The following examples contain different ports:
http://example.com http://example.com:8080