CORS headers for served artifacts

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CORS headers for served artifacts

nilleb
Is it possible to force artifactory to serve artifacts (at least some extensions) with the following response headers ?

Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:{configured list of allowed origins}

I've modified the tomcat's web.xml to include the following section. Now, the API responses include the headers I described above. BUT the served artifacts DO NOT.

 
    <filter>
       <filter-name>CorsFilter</filter-name>
       <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
          <init-param>
                <param-name>cors.allowed.origins</param-name>
                <param-value>{configured list of allowed origins}</param-value>
          </init-param>
        </filter>
    <filter-mapping>
       <filter-name>CorsFilter</filter-name>
       <url-pattern>/*</url-pattern>
    </filter-mapping>