2. In the security configuration file, appSecurity-XXX.xml, uncomment only the required properties in the OECORSFilter bean code snippet to enable CORS support.
Typically, you uncomment the allowAll property and set it to false to ensure that all HTTP clients make CORS requests by sending an Origin header.
Uncomment the allowDomains property to limit CORS access to only certain HTTP clients. And, uncomment and use messageHeaders and responseHeaders properties if the HTTP clients require sending/receiving headers not contained in the defaults.
You typically uncomment only the allowAll and allowDomains properties to customize CORS support.
Progress Software recommends that you uncomment only the properties you need to set; otherwise, let the default settings be applied to the properties.
If you uncomment all the CORS properties, the OECORSFilter bean code snippet looks similar to the following:
3. After uncommenting the required properties from the OECORSFilter bean code snippet, for each of the properties, such as allowAll and allowDomains, you must update the value attribute. For information about the OECORSFilter properties, see OECORSFilter properties.
4. Save the security configuration file, appSecurity-XXX.xml.
Note: You must restart the Web server for the above security configuration updates to take effect.