Remove CORS from _cmsinternal

Yves_Viegen · April 21, 2020, 3:03pm

For debugging purposes we would like to call the https://test-clientname.onehippo.com/site/_cmsinternal/resourceapi from a local frontend project.

This gives CORS related issues.

Below the hst:clientname/hst:hosts configuration On the hst:root (primary hst:mount) we have configured the response headers:
hst:responseheaders
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true

Apparently this doesn’t apply to _cmsinternal. Any suggestions/clues/tips?

Thank you.

bcanvural · April 24, 2020, 2:40pm

That endpoint is added to the site mount dynamically i believe. I don’t think it’s meant to be accessed outside with a cors request. (perhaps other people can elaborate on this)

Maybe it’s an option to create a specific “preview” mount. If you create a mount with hst:type=preview

Topic		Replies	Views
CMS channel CORS issue Experience Manager (PaaS/OnPrem)	0	463	May 28, 2021
Url/site/_cmsinternal 500 (Internal Server Error) channel manger Experience Manager (PaaS/OnPrem)	8	1155	September 17, 2018
Reverse Proxy Issues on-premise deployment w/ v14.6.2 Experience Manager (PaaS/OnPrem)	2	456	October 12, 2021
SPA site not visible within Channel Manager Experience Manager (PaaS/OnPrem)	3	614	July 30, 2019
Get content URL of document Experience Manager (PaaS/OnPrem)	9	1519	February 1, 2019

Remove CORS from _cmsinternal

Related topics