topic How to set http header in Alfresco Forum https://connect.hyland.com/t5/alfresco-forum/how-to-set-http-header/m-p/123841#M33890 <P>Hi Team,</P><P>Application security team wants to allow only Get and Post method on any page.</P><P>For that i have tried below options:<BR />1. Added CORS config in alfresco-global.properties file</P><PRE>cors.enabled=true cors.allowed.methods=Get,Post</PRE><P>2. Enabled CORS config in web.xml (tomcat/webapps/alfresco/WEB-INF)</P><PRE>&lt;!-- CORS Filter Begin --&gt; &lt;filter&gt; &lt;filter-name&gt;CORS&lt;/filter-name&gt; &lt;filter-class&gt;com.thetransactioncompany.cors.CORSFilter&lt;/filter-class&gt; &lt;init-param&gt; &lt;param-name&gt;cors.allowGenericHttpRequests&lt;/param-name&gt; &lt;param-value&gt;true&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.allowOrigin&lt;/param-name&gt; &lt;!-- &lt;param-value&gt;http://localhost:8081&lt;/param-value&gt; --&gt; &lt;param-value&gt;*&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.allowSubdomains&lt;/param-name&gt; &lt;param-value&gt;true&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.supportedMethods&lt;/param-name&gt; &lt;param-value&gt;GET, POST&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.supportedHeaders&lt;/param-name&gt; &lt;param-value&gt;origin, authorization, x-file-size, x-file-name, content-type, accept, x-file-type&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.supportsCredentials&lt;/param-name&gt; &lt;param-value&gt;true&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.maxAge&lt;/param-name&gt; &lt;param-value&gt;3600&lt;/param-value&gt; &lt;/init-param&gt; &lt;/filter&gt; &lt;!-- CORS Filter End --&gt; &lt;!-- CORS Filter Mappings Begin --&gt; &lt;filter-mapping&gt; &lt;filter-name&gt;CORS&lt;/filter-name&gt; &lt;url-pattern&gt;/api/*&lt;/url-pattern&gt; &lt;url-pattern&gt;/service/*&lt;/url-pattern&gt; &lt;url-pattern&gt;/s/*&lt;/url-pattern&gt; &lt;url-pattern&gt;/cmisbrowser/*&lt;/url-pattern&gt; &lt;/filter-mapping&gt; &lt;!-- CORS Filter Mappings End --&gt;</PRE><P>3. Added security constraint in web.xml(tomcat/conf)</P><PRE>&lt;security-constraint&gt; &lt;web-resource-collection&gt; &lt;web-resource-name&gt;restricted methods&lt;/web-resource-name&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;http-method&gt;DELETE&lt;/http-method&gt; &lt;http-method&gt;OPTIONS&lt;/http-method&gt; &lt;http-method&gt;TRACE&lt;/http-method&gt; &lt;http-method&gt;PUT&lt;/http-method&gt; &lt;/web-resource-collection&gt; &lt;auth-constraint /&gt; &lt;/security-constraint&gt; </PRE><P>Any of the above mentioned configuration didn't helped to achieve the required thing.</P><P>Anyone has configured the same?</P><P>Attached screen-shot of burp suite tool.&nbsp;</P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="HTTP Method" style="width: 764px;"><span class="lia-inline-image-display-wrapper" image-alt="image"><img src="https://connect.hyland.com/t5/image/serverpage/image-id/947i1C7C9C95A23755CE/image-size/large?v=v2&amp;px=999" role="button" title="image" alt="image" /></span><SPAN class="lia-inline-image-caption" onclick="event.preventDefault();">HTTP Method</SPAN></SPAN></P><P>Thanks,<BR />Hardik</P> Mon, 14 Dec 2020 12:50:27 GMT hardik_thakkar 2020-12-14T12:50:27Z How to set http header https://connect.hyland.com/t5/alfresco-forum/how-to-set-http-header/m-p/123841#M33890 <P>Hi Team,</P><P>Application security team wants to allow only Get and Post method on any page.</P><P>For that i have tried below options:<BR />1. Added CORS config in alfresco-global.properties file</P><PRE>cors.enabled=true cors.allowed.methods=Get,Post</PRE><P>2. Enabled CORS config in web.xml (tomcat/webapps/alfresco/WEB-INF)</P><PRE>&lt;!-- CORS Filter Begin --&gt; &lt;filter&gt; &lt;filter-name&gt;CORS&lt;/filter-name&gt; &lt;filter-class&gt;com.thetransactioncompany.cors.CORSFilter&lt;/filter-class&gt; &lt;init-param&gt; &lt;param-name&gt;cors.allowGenericHttpRequests&lt;/param-name&gt; &lt;param-value&gt;true&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.allowOrigin&lt;/param-name&gt; &lt;!-- &lt;param-value&gt;http://localhost:8081&lt;/param-value&gt; --&gt; &lt;param-value&gt;*&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.allowSubdomains&lt;/param-name&gt; &lt;param-value&gt;true&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.supportedMethods&lt;/param-name&gt; &lt;param-value&gt;GET, POST&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.supportedHeaders&lt;/param-name&gt; &lt;param-value&gt;origin, authorization, x-file-size, x-file-name, content-type, accept, x-file-type&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.supportsCredentials&lt;/param-name&gt; &lt;param-value&gt;true&lt;/param-value&gt; &lt;/init-param&gt; &lt;init-param&gt; &lt;param-name&gt;cors.maxAge&lt;/param-name&gt; &lt;param-value&gt;3600&lt;/param-value&gt; &lt;/init-param&gt; &lt;/filter&gt; &lt;!-- CORS Filter End --&gt; &lt;!-- CORS Filter Mappings Begin --&gt; &lt;filter-mapping&gt; &lt;filter-name&gt;CORS&lt;/filter-name&gt; &lt;url-pattern&gt;/api/*&lt;/url-pattern&gt; &lt;url-pattern&gt;/service/*&lt;/url-pattern&gt; &lt;url-pattern&gt;/s/*&lt;/url-pattern&gt; &lt;url-pattern&gt;/cmisbrowser/*&lt;/url-pattern&gt; &lt;/filter-mapping&gt; &lt;!-- CORS Filter Mappings End --&gt;</PRE><P>3. Added security constraint in web.xml(tomcat/conf)</P><PRE>&lt;security-constraint&gt; &lt;web-resource-collection&gt; &lt;web-resource-name&gt;restricted methods&lt;/web-resource-name&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;http-method&gt;DELETE&lt;/http-method&gt; &lt;http-method&gt;OPTIONS&lt;/http-method&gt; &lt;http-method&gt;TRACE&lt;/http-method&gt; &lt;http-method&gt;PUT&lt;/http-method&gt; &lt;/web-resource-collection&gt; &lt;auth-constraint /&gt; &lt;/security-constraint&gt; </PRE><P>Any of the above mentioned configuration didn't helped to achieve the required thing.</P><P>Anyone has configured the same?</P><P>Attached screen-shot of burp suite tool.&nbsp;</P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="HTTP Method" style="width: 764px;"><span class="lia-inline-image-display-wrapper" image-alt="image"><img src="https://connect.hyland.com/t5/image/serverpage/image-id/947i1C7C9C95A23755CE/image-size/large?v=v2&amp;px=999" role="button" title="image" alt="image" /></span><SPAN class="lia-inline-image-caption" onclick="event.preventDefault();">HTTP Method</SPAN></SPAN></P><P>Thanks,<BR />Hardik</P> Mon, 14 Dec 2020 12:50:27 GMT https://connect.hyland.com/t5/alfresco-forum/how-to-set-http-header/m-p/123841#M33890 hardik_thakkar 2020-12-14T12:50:27Z