Version 2021

Enable Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS) provides a way for a web application running in one origin (domain, protocol, and port) to access selected resources from a server in a different origin. A cross-origin HTTP request uses additional HTTP headers to tell the browser to let the web application share resources. For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. This means that when a web application requests HTTP resources from a different origin, the response from the other origin must include the right CORS headers.

Chrome Web Browser version 80 and above introduces new changes which may impact embedding. For more information, see KB484005: Chrome v80 Cookie Behavior and the Impact on MicroStrategy Deployments.

To enable CORS for the REST Server:

  1. Open the Library Admin page. Your URL should be similar to the following:

    https://<host_name>:<port>/MicroStrategyLibrary/admin

  2. Navigate to Library Server -> Security Settings.
  3. Choose the appropriate setting for Allow Library embedding in other sites to reconfigure CORS.

Using the Library Admin page is the easiest way to enable CORS for the REST Server, but you can also configure CORS manually.

  1. Navigate to MicroStrategyLibrary/WEB-INF/classes/config/configOverride.properties.
  2. Edit the configOverride.properties file in a text editor.
  3. Add the following lines, or replace them if already present:

    auth.cors.origins=http://example.com:port

    security.allowedOrigins=http://example.com:port

  4. Restart your MicroStrategy Library web application hosted on the application server.