CORS on Virtuoso

These instance/server-level settings require OpenLink Virtuoso Open Source (VOS) 6.1.3 or later, or Virtuoso Commercial Edition 06.02.3129 or later. [more...]

  1. In the Virtuoso Conductor, go to Web Application ServerVirtual Domains & Directories.
  2. Expand the default Interface store.
  3. Click New Directory.
  4. Specify the desired Virtual Directory Type, or choose an existing virtual directory to use as a template.
  5. Click Next.
  6. Specify the Directory Path value.
  7. Set the CORS options.
    • Cross-Origin Resource Sharing - contains a single wildcard asterisk, i.e., * or an origin, such as or Scripts are authorized to retrieve a resource if that resource either uses the wildcard or lists the origin of the script. For this example, enter the following single URI:
    • Reject Unintended CORS check-box - when ticked and the application does not overwrite headers, unmatched Origins will be rejected by sending an empty response.
  8. Click Save changes.

For older versions of Virtuoso, any of the Web Application-level instructions below may be used. Any Virtuoso-based application can implement CORS checking through well-known HTTP functions http_request_header() and http_header(), for example:

IF (http_request_header (lines, 'Origin', NULL) = '')
  http_header ('Access-Control-Allow-Origin:\r\n');
-- Additional code here ---

Who’s behind this

Monsur Hossain and Michael Hausenblas


The content on this site stays fresh thanks to help from users like you! If you have suggestions or would like to contribute, fork us on GitHub.

Buy the book

Save 39% on CORS in Action with promotional code hossainco at