We are setting up a REST API using IWS. Our IWS REST API is being called from a single page app (SPA) inside a user's web browser. The user's web browser complains about the call to the IWS web API due to CORS policies.

The problem I'm having is that IBM suggests setting Basic Auth and CORS headers in the same directive within the HTTP Server configuration file. I can't get this work. I would appreciate any ideas or suggestions.

Here are the details.

According to page 153 of the Integrated Web Services Server Administration and Programming Guide, Basic Authentication is set up as follows:
<Location />
AuthType Basic
AuthName "IBM Server"
PasswdFile %%SYSTEM%%
require valid-user

According an IBM support page (https://www.ibm.com/support/pages/enabling-cross-origin-resource-sharing-cors-http-apache), the CORS directive is set up as follows for V7R2 and above (Apache 2.4.x):

<Location />
Require All granted
Header set Access-Control-Allow-Origin "*"

For those with additional requirements for CORS the following can be used:

Require all granted
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST,GET,OPTIONS,DELETE,PUT"
Header always set Access-Control-Max-Age "3600"
Header always set Access-Control-Allow-Headers "Content-Type,Authorization"
RewriteEngine On
RewriteRule ^(.*)$ $1 [R=200,L]

I have tried various ways to get Basic Auth and CORS to play nice together within the <Location/> directive. Nothing has worked.


Kelly Cookson
Senior Software Engineer II
Dot Foods, Inc.
1-217-773-4486 ext. 12676

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.