Cross-origin resource sharing (CORS) policy issue

In BRPM, cross-domain access to the BRPM server from any external system is denied by default. You ensure cross-domain access from the Requester UI to the BRPM server with the cross-origin resource sharing (CORS) mechanism.

While trying to access the BRPM Requester UI server from an external system, your browser displays the following error message:

Access to XMLHttpRequest at 'https://<yourdomain.com>:8443/brpm/session.json' from origin 'https://<yourdomain.com>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The figure below displays the error message on a web browser:

CORS error.png

To specify and make sure that only the defined external domain system (that is, BRPM Requester UI, 5.0.03.001 or later), refers to the BRPM server, follow these steps:

  1. Navigate to RLMhome/releases/productVersion/RPM/portal.war/WEB-INF/config/environments and open the production.rb file.
  2. Modify the CORS_ORIGINS value in the URL of the BRPM Requester UI.

      • If the BRPM Requester UI is served from https://rpmui.<yourdomian.com>/rlmui with default port 443, enter the following value:
        CORS_ORIGINS = 'https://rpmui.yourdomain.com'

      • If the BRPM Requester UI is served with a custom port like https://rpmui.<yourdomain.com>:9090/rlmui, enter the following value:
        CORS_ORIGINS = 'https://rpmui.yourdomain.com:9090'

        Note

        The asterisk (*) wildcard is not valid for the CORS_ORIGINS value.

Related topic

Troubleshooting

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*