Cross-Origin Resource Sharing

SelectSystem Configuration > Network & Email>CORS.

Cross-origin Resource Sharing (CORS) allows you to specify websites hosted on other domains that can access resources from theFME Flowthrough Ajax requests.

Disabling and Enabling CORS

CORS is enabled by default to allow any host to accessFME Flowresources.

To disable CORS

  1. ClickLoad Template, and selectDisable CORS.
  2. ClickSave Changes. (Or to cancel, clickRevert Changes.)

To re-enable CORS

  1. ClickLoad Template, and selectAllow All HostsorAllow Specific Hosts.
  2. Configure the remaining settings, as desired (see "Updating CORS Settings", below).
  3. ClickSave Changes. (Or to cancel, clickRevert Changes.)

Updating CORS Settings

Configure the fields underCORSas desired, and clickSave Changes. (Or to cancel, clickRevert Changes.)

Note  "> NoteIf your installation ofFME Flowis configured forfault tolerance, you mustrestarttheFME FlowApplication Server on all machines after updating CORS settings.
  • Allowed Origins: A comma-separated list of hosts that are allowed access to theFME Flow. An * allows access from any host. An * cannot be specified if any origins are passing credentials. For an example of how to specify the list of hosts, clickLoad Templateand selectAllow Specific Hosts.
  • Allowed Methods: A comma-separated list of HTTP methods that may be used in requests from the allowed origins.
  • Allowed Headers:一个以逗号分隔的允许请求头ers from the allowed origins. A request header is any custom header set by the browser JavaScript application through methodXMLHttpRequest.setRequestHeader().
  • Exposed Headers: A comma-separated list of non-standard response headers that are safe to expose to the requestor (initiated through theXMLHttpRequest.getResponseHeader()method). This information is returned in theAccess-Control-Expose-Headersresponse header.
  • Pre-flight Max Age: Specifies how long, in seconds, the results of a pre-flight request can be cached by the requestor. This information is returned in theAccess-Control-Max-Ageresponse header.
  • Supports Credentials: IfTrue, allows the requestor to include credentials to authorize with theFME Flow, including cookies, HTTP authentication (tokens), or client-side certificates. This value is returned in theAccess-Control-Allow-Credentialsresponse header.