Enable CORS Configuration

Browsers require cross-origin resource sharing (CORS) for functions that access responses from browser requests to a domain other than the base page's domain. You must explicitly grant cross-domain access to all applicable ADRUM_n headers.

To enable CORS configuration, follow these steps:

  1. Define the required AWS response headers in the Amazon API Gateway. See AWS documentation for advanced headers and additional details:
    • Access-Control-Expose-Headers - maps the custom ADRUM headers. These headers must have the names ADRUM_0 through ADRUM_3 to be compatible with the JavaScript Agent. For example, ADRUM_0 , ADRUM_1 , ADRUM_2 , ADRUM_3 .

    • Access-Control-Allow-Methods - select the header(s) with the appropriate method. For example, POST, OPTIONS.

    • Access-Control-Allow-Origin - set to the full URL of the web page that originated the request, including schema, hostname, and port; enclose the URL in single quotes. For example, 'http://my-saas-service.com:8000' .
  2. After you have enabled CORS, you must define the response header mappings. To configure response header mappings in the Amazon API Gateway, refer to the Amazon documentation. The list below contains response headers and examples of their mapping values for CORS configuration:
    • Access-Control-Expose-Headers: `ADRUM_0, ADRUM_1, ADRUM_2, ADRUM_3`
    • Access-Control-Allow-Credentials: `true`
    • Access-Control-Allow-Methods: `POST,OPTIONS`
    • Access-Control-Allow-Origin: `http://my-saas-service.com:8000`
  3. Optional: If you connect your function to the Amazon API Gateway via a proxy integration, define the CORS response header mappings in your function code: 
    //Return EUM Metadata
let appDEumHeaders = tracer.getEumMetadata(appDBusinessTxn);
let returnHeaders = {
'Access-Control-Allow-Origin': 'http://my-saas-service.com:8000',
'Access-Control-Allow-Credentials': true,
'Access-Control-Expose-Headers': 'ADRUM_0,ADRUM_1,ADRUM_2,ADRUM_3'
};