I need to allow access to a page of my site to accept Cross Domain requests from other sites.
I know this technique is Cross Origin or Cross Domain or CORS (Cross-Origin Resource Sharing), I have seen several topics that speak of it:
How to call a page from another domain to my domain using ajax/javascript
How does Access-Control-Allow-Origin header work?
https://www.html5rocks.com/en/tutorials/cors/
But I do not know how to configure my site to allow cross domain queries.
Info: sites that need access to mine do not use browser extensions, so I have to practice cross domain.
Questions :
1. How do I configure the Access-Control-Allow-Origin
header? My site is Java-EE
, JSF
and Spring
.
2. I found two solutions to allow an external site to have the content of my page:
- A) The first solution is a javascript script that generates a link to my page. The external site must then include this link in its page to display the content of my page. (Should I still have
Access-Control-Allow-Origin
?)
Example
<script>
(function (w,i,d,g,e,t,s)
w[d] = w[d]||[];
t= i.createElement(g);
t.async=1;
t.src=e;
s=i.getElementsByTagName(g)[0];
s.parentNode.insertBefore(t, s);
})(window, document,'_gscq','script','//widgets.getsitecontrol.com/42540/script.js');
</script>
B) The second solution is that the external site uses an
XMLHttpRequest
orAJAX
request to load the page of my site : Embed an External Page Without an Iframe?What is the best solution (A or B)? Will the content of the page be loaded in static?
3. Is there a file in the site configuration that allows me to authorize or forbid sites (domains) to access the pages of my site? Access-Control-Allow-Origin Multiple Origin Domains?
Example
my_page_1.html: // Page of my site
// Authorize sites to make a cross domain query
external_site_1.com
external_site_2.com
external_site_3.com
my_page_2.html: // Page of my site
// Authorize sites to make a cross domain query
external_site_1.com
my_page_3.html: // Page of my site
// Authorize sites to make a cross domain query
external_site_1.com
external_site_3.com
Thank you in advance for your answers.