EducationSoftwareStrategy.com
StrategyCommunity

Knowledge Base

Product

Community

Knowledge Base

TopicsBrowse ArticlesDeveloper Zone

Product

Download SoftwareProduct DocumentationSecurity Hub

Education

Tutorial VideosSolution GalleryEducation courses

Community

GuidelinesGrandmastersEvents
x_social-icon_white.svglinkedin_social-icon_white.svg
Strategy logoCommunity

© Strategy Inc. All Rights Reserved.

LegalTerms of UsePrivacy Policy
  1. Home
  3. Topics

KB439583:How to Enable CORS in MicroStrategy Library 10.10 and above

Community Admin

• Strategy

This article provides steps to configure CORS in MicroStrategy Library to meet the deployment need and allow embedding of MicroStrategy contents in an existing and separate web server.

By default, modern web-browsers restrict cross-origin HTTP requests initiated from within scripts for security reasons. Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to whitelist which web applications can access selected resources from a specific origin. This standard applies when you have a web application communicating with a server on a different domain, such as the REST API running on a different server and/or port than the website communicating with it.
For a more detailed introduction to CORS, refer to the following article: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

Configuring CORS with Strategy Library


Strategy Library exposes settings to automatically configure the necessary CORS headers, allowing the REST API (and by extension the Embedding API) to be used in cross-domain scenarios.

Strategy 11.0, 2019 (11.1) and above


For Strategy Library 11.0 and above, see Enable Cross-Origin Resource Sharing (CORS).
Note: in previous versions it was necessary to modify the security_headers-index.properties file. This is no longer necessary in 11.0 and above.
 

Strategy 10.10 & 10.11


The following steps outline the changes to be made in Strategy Library 10.10 and 10.11:

  1. On the machine where Strategy Library is deployed navigate to the StrategyLibrary\WEB-INF\classes\config folder.
  2. Edit the configOverride.properties file in a text editor.
  3. Define the address and port of the machine from where the REST API call is being made:
    • auth.cors.origins=http://domain:port 
  4. ​​Save the file.
  5. Edit the security_headers-index.properties file in a text editor.
  6. ​Add or replace the following lines, if already present:
    • ​X-Frame-Options=ALLOW-FROM http://example.com:port
    • Content-Security-Policy=frame-ancestors http://example.com:port
  7. Restart your Library web application hosted on the application server. For example, if your application server is Tomcat, you can restart a single application on the Tomcat Manager page as seen below: 

​

ka0PW0000000iVhYAI_0EM44000000WRWb.png

Notes:

  • The auth.cors.origins parameter specifies a URL that may access the resource.
    • The star "*" symbol can be set as a wildcard, thereby allowing any origin to access the resource.
    • The pipe "|" symbol can be used as a delimiter to allow multiple origins (e.g. auth.cors.origins=http://example1.com:port|http://example2.com:port).
  • The example above assumes that the web application communicating with Strategy Library, is being used via http://example.com:port in the URL.
  • Both X-Frame-Options and Content-Security-Policy are suggested to maximise compatibility with different browsers. Further testing & configuration may be required to ensure full compatibility with all desired browsers. For detailed usage information on the X-Frame-Options and Content-Security-Policy headers, refer to externally available information.


See the REST API help for more details and samples. 
The example provided in this document is provided “as-is” and user has read the following customization warning:
ADDITIONAL INFORMATION:
The Strategy SDK allows you to customize several Strategy products and extend and integrate the Strategy business intelligence functionality into other applications. However, before changing the way Strategy products look or behave, it is helpful to understand how the application is built. For more information regarding the Strategy products or the process of customizing Strategy products, please refer to Strategy Developer Zone (https://developer.microstrategy.com).
To access the Strategy Developer Zone, you must have access to the Strategy Knowledge Base, you must have purchased the Strategy SDK, and you must be current on your Strategy maintenance agreement. If you are a US-based business and believe that you satisfy all three of these conditions but you do not have access to the Strategy Developer Zone, please contact Strategy Technical Support at support@microstrategy.com or at (703) 848-8700. If you are an international business, please contact Strategy Technical Support at the appropriate email address or phone number found at https://www.microstrategy.com/us/services/support/contact.
CUSTOMIZATION WARNING:
This customization is provided as a convenience to Strategy users and is only directly applicable to the version stated. While this code may apply to other releases directly, Strategy Technical Support makes no guarantees that the code provided will apply to any future or previous builds. In the event of a code change in future builds, Strategy Technical Support makes no guarantee that an updated version of this particular customization will be provided. In the event of a code change in future builds, Strategy may not be able to provide additional code on this matter even though this customization is provided at this time for this specific build. For enhancements to this customization or to incorporate similar functionality into other versions, contact your Account Executive to inquire about Strategy Consulting assistance.
000039583 KB439583

Comment

0 comments

Details

Knowledge Article

Published:

February 2, 2018

Last Updated:

February 13, 2024