+

Search Tips   |   Advanced Search


Secure HTTP proxy

To prevent cross site scripting in Web applications, browsers introduced the so called same-origin policy. This policy prevents client side scripts used in the Resource Manager portlet from loading content from an origin that has a different protocol, domain name, or port. To overcome this restriction, the Resource Manager portlet uses the server side HTTP proxy provided by the portal.

The Resource Manager portlet ships its own configuration of the HTTP proxy. By the default configuration shipped with the Resource Manager portlet, the protected HTTP proxy can serve all URLs. Restrict this to the URLs that you really need. To do this, modify the proxy-config.xml file bundled with the portlet. Proceed as follows:

  1. Locate the file resourceManager.war in the PortalServer_root/installableApps directory.

  2. Edit the file proxy-config.xml in the directory WEB-INF within the WAR file resourceManager.war by adding a new proxy:policy element or by modifying the existing one.

    For example, set url="http://www.myserver.com:10040/wps/mycontenthandler/*" .

  3. Repackage the WAR file and update the Resource Manager Web module.

For more information how to modify the file proxy-config.xml refer to the topic about the HTTP proxy for AJAX applications.


Parent topic:

Manage your servers


Related concepts


HTTP proxy for AJAX applications