Web content management frameworks are often integrated with external platforms, APIs, and services. When the external source is hosted on a different domain, CORS is used to allow requests from the external local domain to the target domain of the web content management framework, without needing a proxy. We will look at techniques for allowing these requests.

When making a CORS request from the web content management framework as the local domain to a different target domain, it is either handled with custom code using the methods we covered in the earlier chapters, or a plugin may implement the headers and methods needed for the requests.

All the major content management frameworks offer a Software As A Service (SAAS) hosted/managed option. Since you do not actually control the server, and scripting is limited, implementing CORS may be difficult, or sometimes impossible.

In the SAAS platform WordPress.com, we shall see that CORS is very limited, and authenticated requests require explicit permission by the current user.

The Drupal SAAS platforms Drupal Gardens and Acquia Cloud Site Factory do not provide a way to implement CORS. There have been feature requests for adding CORS capability, so it may become possible.

It's unclear whether CORS is possible in the SAAS versions of Joomla! and Adobe Experience Manager.

The demand for the capability of CORS will likely be satisfied in these SAAS platforms eventually, so we recommend contacting support and asking them explicitly whether CORS can be implemented.

WordPress can be self hosted, or you could use WordPress.com, which is the hosted/managed SaaS platform for creating WordPress sites. Although incoming and outgoing CORS requests are possible in the self-hosted WordPress, the WordPress.com platform only allows incoming requests.

Custom code is the best way to implement CORS in Drupal, using techniques we have covered. There are also some contributed Drupal modules for CORS. Be mindful of Drupal core API differences among versions: Drupal 6, 7, 8. When Drupal 8 is released, support for Drupal 6 will end.

function set_custom_headers()
 {
  drupal_add_http_header('Content-Type', 'application/json...

To enable CORS in Joomla!, you need to add the standard CORS header(s). There are a few ways to add the header(s), which are covered in the following sections.

setHeader('Access-Control-Allow-Origin', '*', true) : \JApplicationWeb

While the previous sections examined using CORS in frameworks built with PHP, Adobe Experience Manager is built with Java.

AEM has a Java package for CORS. Another option is to allow domains to post to Sling in the CRX console; when domains are trusted this way, CORS is unnecessary. In some cases, such as when using Scene 7, CORS headers may need to be added with rulesets.

The com.adobe.cq.social.commons.cors package

AEM includes a package named com.adobe.cq.social.commons.cors. The package contains four classes:

Summary

---

We have learned a lot about applying CORS in various content management systems. Let's do a recap.

You learned how to allow incoming CORS requests in WordPress, Drupal, Joomla!, and Adobe Expression Manager. You also learned that outgoing CORS requests in these frameworks should use custom code or existing plugins, apart from the fact that WordPress.com SAAS has limited CORS capability. We discussed how CORS support in other SAAS versions of these frameworks is uncertain, but it may become implemented due to demand.

We looked at two plugins for CORS in WordPress: one for adding headers, and the other enables CORS in the WordPress XML-RPC API. We also looked at adding CORS headers with custom code in the WordPress theme template.

We looked at a few Drupal modules for CORS. The CORS module adds headers mapped to paths. The CDN module supports CORS when using a Content Delivery Network. The Amazon S3 upload module implements CORS when using Amazon S3. We also looked at setting headers...

The rest of the chapter is locked

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Renews at $15.99/month. Cancel anytime

Start free trial

Previous Chapter

Chapter 10 of 15

Next Chapter

You have been reading a chapter from

CORS Essentials

Published in: May 2017Publisher: ISBN-13: 9781784393779

© 2017 Packt Publishing Limited All Rights Reserved

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Sign up now

undefined

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Author (1)

Rajesh Gunasundaram

Rajesh Gunasundaram is a software architect, technical writer and blogger. He has over 15 years of experience in the IT industry, with more than 12 years using Microsoft .NET, 2 years of BizTalk Server and a year of iOS application development. Rajesh is a founder and editor of technical blogs programmerguide and ioscorner and you can find many of his technical writings on .Net and iOS. He is also the founder and developer of VideoLens, a platform that analyses videos uploaded in Facebook pages and YouTube channels. Rajesh has also written four other books for Packt publishing. Rajesh worked on client premises located at various countries such as UK, Belarus and Norway. He also has experience in developing mobile applications for iPhone and iPad. His technical strengths include Azure, Xamarin, ASP.NET MVC, Web API, WCF, .Net Framework / .Net Core, C#, Objective-C, Angular, Bot Framework, BizTalk, SQL Server, REST, SOA, Design Patterns and Software Architecture. Rajesh is an early adopter of Angular since AngularJS. He has developed Rich interfaces using Angular, Bootstrap, HTML5 and CSS3. He has good experience in translation of designer mock-ups and wireframes into an AngularJS front-end. Good at unit testing Angular applications with Karma. Expertise in handling RESTful services in Angular. Supporting various web products developed using AngularJS and Angular.
Read more about Rajesh Gunasundaram

Personalised recommendations for you

Based on your interests and search pattern

Modernizing Drupal 10 Theme Development

Modernizing Drupal 10 Theme Development covers everything a frontend developer or a Drupal developer needs to know about the Drupal 10 theme layer. Using real-world examples, this book will help you to build up from an empty theme to a fast, responsive, maintainable, and accessible Drupal website in both monolithic and decoupled ways.

BookAug 2023360 pages4

Full Stack Development with Spring Boot 3 and React

Full Stack Development with Spring Boot 3 and React contains a wealth of practical guidance for picking up full stack development. The step-by-step exploration of everything from dependency injection, ORM with Hibernate, and JWTs to RESTful APIs, UI styling, and TypeScript will help you to develop the Spring Boot and React skills you need.

BookOct 2023454 pages5

Modern API Development with Spring 6 and Spring Boot 3

This practical guide teaches inexperienced Java programmers and web developers how to design, develop, test, and deploy highly scalable and maintainable APIs using REST, gRPC, GraphQL, and reactive programming paradigms with Java and Spring Boot. Complete with real-world examples, it will guide you to build enterprise-level APIs and services.

BookSep 2023494 pages1

Hands-On Web Scraping with Python

This book guides you to discover and extract quality data from the web using Python libraries such as requests, lxml, pyquery, scrapy, and to use effective scraping techniques. It’ll help you master the fundamentals and advanced concepts of web scraping and apply your skills to real-world data extraction tasks, with analysis and visualization.

BookOct 2023324 pages

Mastering Blazor WebAssembly

Mastering Blazor WebAssembly is a comprehensive, practical guide that’ll help you to develop advanced web applications. By combining real-world experience with the thorough knowledge needed to build Blazor apps in a masterful fashion, this book enables you to efficiently manage cross-platform mobile development with .NET MAUI and Blazor.

BookAug 2023370 pages4

Mastering Blazor WebAssembly

Mastering Blazor WebAssembly is a comprehensive, practical guide that’ll help you to develop advanced web applications. By combining real-world experience with the thorough knowledge needed to build Blazor apps in a masterful fashion, this book enables you to efficiently manage cross-platform mobile development with .NET MAUI and Blazor.

BookAug 2023370 pages3

Full Stack Web Development with Remix

Unlock the power of the web platform and cutting-edge technologies for your React applications using Remix to take advantage of the full stack to create a great user experience. This book is a complete resource covering the conventions, levers, and primitives of Remix and illustrates concepts through a real-world project.

BookNov 2023318 pages

Real-World Svelte

This book is a must-have guide to unlocking Svelte's true potential. You’ll learn about advanced component development, efficient coding, and powerful UI patterns using actions. With a focus on state management, custom stores, and renderless components, this book equips you to build exceptional web apps with lightning-fast performance.

BookDec 2023282 pages3

Building Micro Frontends with React 18

This book is a step-by-step guide to building production-grade, highly scalable, and performant web apps using multi-SPA and micro apps patterns, where you’ll learn to deal with complexities related to micro frontends. The book is a full life cycle guide to building, deploying, and managing micro frontends in a cloud-native environment.

BookOct 2023218 pages

Drupal 10 Masterclass

This all-in-one guide helps you get up and running with building Drupal applications using the latest Drupal 10 features. You’ll develop a complete practical understanding of Drupal frontend, backend, architecture, content management, themes, and modules to deliver a rich user experience by creating custom Drupal apps.

BookDec 2023310 pages

Full-Stack Flask and React

This book teaches you how to build simple yet efficient production-ready web applications. Starting with an introduction to React, this book will equip you with deeper knowledge of Flask and React technology stacks to undertake web application development with confidence.

BookOct 2023408 pages5

Full-Stack Flask and React

This book teaches you how to build simple yet efficient production-ready web applications. Starting with an introduction to React, this book will equip you with deeper knowledge of Flask and React technology stacks to undertake web application development with confidence.

BookOct 2023408 pages2

Classes in com.adobe.cq.social.commons.cors	Description
CORSAuthenticationFilter	Adds CORS headers to HTTP responses
CORSAuthInfoPostProcessor	CORS authentication post processor
CORSConfig	Singleton configuration holder so that both the CORS filter and CORS post processor have access to the system settings
CORSConstants	CORS...