CORS on Virtuoso

These instance/server-level settings require OpenLink Virtuoso Open Source (VOS) 6.1.3 or later, or Virtuoso Commercial Edition 06.02.3129 or later. [more...]

1. In the Virtuoso Conductor, go to Web Application Server → Virtual Domains & Directories.
2. Expand the default Interface store.
3. Click New Directory.
4. Specify the desired Virtual Directory Type, or choose an existing virtual directory to use as a template.
5. Click Next.
6. Specify the Directory Path value.
7. Set the CORS options.
   • Cross-Origin Resource Sharing - contains a single wildcard asterisk, i.e., * or an origin, such as http://example.com:8080 or http://foo.example.com. Scripts are authorized to retrieve a resource if that resource either uses the wildcard or lists the origin of the script. For this example, enter the following single URI: http://demo.openlinksw.com
   • Reject Unintended CORS check-box - when ticked and the application does not overwrite headers, unmatched Origins will be rejected by sending an empty response.
8. Click Save changes.

For older versions of Virtuoso, any of the Web Application-level instructions below may be used. Any Virtuoso-based application can implement CORS checking through well-known HTTP functions http_request_header() and http_header(), for example:

<?vsp
IF (http_request_header (lines, 'Origin', NULL) = 'http://host.org')
{
  http_header ('Access-Control-Allow-Origin: http://host.org\r\n');
}
ELSE
{
  RETURN;
}
-- Additional code here ---
?>