The latest version for DAS is WSO2 Data Analytics Server 3.1.0. View documentation for the latest release.
WSO2 Data Analytics Server is succeeded by WSO2 Stream Processor. To view the latest documentation for WSO2 SP, see WSO2 Stream Processor Documentation.

All docs This doc
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 
||
Skip to end of metadata
Go to start of metadata

Cross-Origin Resource Sharing (CORS) is a mechanism used by client-side processes to access resources from domains outside their own. This allows such processes to overcome the standard same-origin policy, which prohibits access to external resources/APIs. To use the analytics REST API from outside WSO2 DAS domain, or if the REST API caller is situated in a machine with a different host/port configuration to WSO2 DAS, you need to enable CORS for the analytics REST API.

Follow the steps below to enable CORS for the analytics REST API.

  1. Navigate to <DAS_HOME>/repository/deployment/server/webapps/analytics/WEB-INF/web.xml file.
  2. Add the following configuration within the <web-app> element.

    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowed.origins</param-name>
            <param-value>{domains to be allowed, comma-separated}</param-value>
        </init-param>
        <init-param>
            <param-name>cors.allowed.methods</param-name>
            <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE,PATCH</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CorsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
  3. Add the domains that you intend to access the REST API  as a comma-separated list, within the <param-value> element under the parameter name cors.allowed.origins.

    Allowing CORS for the REST API allows access to all the domains specified under the parameter name cors.allowed.origins. Therefore, list only the required domains as values for this parameter to minimize possible security issues.

The analytics REST API uses the in-built CORS filter of Apache Tomcat to achieve this functionality. For all available parameters that could be specified for this filter, see Container Provided Filters.

  • No labels