Configuring CORS rules at the tenant-level

You can use the System Management Console to configure the default CORS settings for all namespaces owned by a tenant.

Before you begin

To view a tenant, you need the monitor or administrator role. To modify a tenant, you need the administrator role.

Procedure

  1. In the top-level menu of the System Management Console, click Tenants.

  2. On the Tenants page, in the Name column, click the right arrow next to the tenant for which you want to configure CORS settings.

    The tenant Overview panel is displayed.
  3. Click the Security tab.

    The Security panel opens to the CORS tab on the left.
  4. In the CORS Configuration field, enter the default CORS settings to use for all namespaces that are owned by the tenant.

  5. Click Update Settings.

    You are returned to the Overview panel for the tenant. A message is displayed at the top of the page indicating whether the update was successful. If a success message is displayed, your configuration is saved and persists in HCP.
  6. To view, update, or delete the saved configuration, click Security to display the Security panel.

    CORS configuration

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <CORSConfiguration>
         <CORSRule>
              <AllowedOrigin>http://www.example.com</AllowedOrigin>
              <AllowedMethod>PUT</AllowedMethod>
              <AllowedHeader>*</AllowedHeader>
              <ExposeHeader>ETag</ExposeHeader>
              <MaxAgeSeconds>3000</MaxAgeSeconds>
         </CORSRule>
         <CORSRule>
              <AllowedOrigin>*</AllowedOrigin>
              <AllowedMethod>GET</AllowedMethod>
              <AllowedHeader>*</AllowedHeader>
         </CORSRule>
    ...

    Notice that the HCP software added the following XML header at the top of the CORS configuration:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  7. If a failure message is displayed, for example, if your configuration had a syntax error, return to the Security panel to make the necessary corrections.

  8. Click Update Settings.

Results

You configured the default CORS settings for all namespaces owned by the tenant.