Enabling Cross-Origin Resource Sharing (CORS)
Web browsers cannot normally request resources from outside the domain where the resources are hosted. These Cross-Origin Resource Sharing (CORS) settings can be necessary if, for example, you have an application that uses the M-Files REST API to communicate with the vault.
In M-Files Cloud, use Advanced Vault Settings to enable CORS. In an on-premises environment, you can use Advanced Vault Settings or Windows registry settings. With M-Files April '24 Update and later, it is recommended to use Advanced Vault Settings.
Enabling CORS with Advanced Vault Settings
Open Advanced Vault Settings and go to . Click the information icon () of each setting for details. Remember to enable CORS for all the necessary vaults.
To use this method in on-premises environments, incoming connections and vaults must be mapped. See Configuring Mappings Between Incoming Connections and Vaults.
Enabling CORS with registry settings
In an on-premises environment, you can enable CORS with Windows registry settings. To do this, add the keys and values given here to the Windows registry of the M-Files Web server:
Key | HKEY_LOCAL_MACHINE\SOFTWARE\Motive\M-Files\<version>\Server\MFWA\Sites\<site name or ID in Internet Information Services> | |
---|---|---|
Value name | EnableCrossOriginAccess | |
Value type | REG_MULTI_SZ | |
Value |
A list of mappings that specify which origins have access to which vaults. On each row, specify the host name (DNS name) on the left side of the equals character. After the equals character, add the allowed origins separated with semi-colons. It is not recommended to use an asterisk (*) because it gives cross-origin access from all sites. Setting format for two vaults, hostnames separated by a line break:
You can normally check the URL of the origin domains with your browser. For example, for SharePoint web apps, the format of the URL is https://<domain identifier>-<instance identifier>.sharepoint.com. |
|
Example value |
|
Key | HKEY_LOCAL_MACHINE\SOFTWARE\Motive\M-Files\<version>\Server\MFWA\Sites\<site name or ID in Internet Information Services> | |
---|---|---|
Value name | AllowedCrossOriginHeaders | |
Value type | REG_SZ | |
Description | The headers to be allowed in the response. | |
Value | Origin,Content-Type,Accept,Access-Control-Allow-Origin,Cache-Control,X-Authentication,X-Requested-With,X-Vault,M-Files-Vault,m-files-session,m-files-extensions |
Key | HKEY_LOCAL_MACHINE\SOFTWARE\Motive\M-Files\<version>\Server\MFWA\Sites\<site name or ID in Internet Information Services> | |
---|---|---|
Value name | AllowedCrossOriginMethods | |
Value type | REG_SZ | |
Description | The methods to be allowed in the response headers. | |
Value | PUT,POST,GET,OPTIONS |