10 CORS Properties

The following topics provide information about the properties in the wcs_properties.json file that configure the Cross-origin resource sharing (CORS) mechanism:

About the Properties in the CORS Category

The properties that configure the Cross-origin resource sharing (CORS) mechanism for WebCenter Sites are categorized under the CORS category. These properties allow WebCenter Sites resources to be requested from domains outside of the WebCenter Sites domain.

When a request from a domain outside of WebCenter Sites is made for a WebCenter Sites resource, the browser "preflights" the request by soliciting supported domain methods from WebCenter Sites with an HTTP OPTIONS request header. Upon approval from WebCenter Sites, CORS sends the request with the HTTP request method. WebCenter Sites can also notify clients whether "credentials" (including Cookies and HTTP Authentication data) should be sent with requests.

The CORS properties enable you to restrict domains, methods, and so on. When you modify these properties using either the Property Management Tool or the Import/Export Utility does not require you to restart the server for the changes to take effect. For descriptions of the properties categorized under CORS in the wcs_properties.json file, see Properties in the CORS Category.

Properties in the CORS Category

Table 10-1 provides a description for each of the properties in the JSON file that are associated with the CORS category.

Table 10-1 Cors Properties

Property Description


Specifies whether user credentials (cookies) in cross origin requests.

Default value: false


Comma-separated list of origins (in the format: <scheme>://<host>:<port>) that are allowed to access WebCenter Sites resources from a domain other than the WebCenter Sites domain.

Default value: * which allows any domain to access WebCenter Sites resources.


Use this property to specify an integer that indicates the maximum amount of time the results of a preflight request can be cached by the client.


Defines the cross domain request HTTP methods supported by WebCenter Sites.

Default value: GET, HEAD, POST, OPTIONS