ui.modern.cors.allow_origin

Background

This option sets the value of the CORS Access-Control-Allow-Origin response header sent by the modern UI

Setting the key

Set this configuration key in the results page (preferred) or search package configuration.

Use the configuration key editor to add or edit the ui.modern.cors.allow_origin key, and set the value. This can be set to any valid String value.

Default value

By default all cross domain requests are permitted:

ui.modern.cors.allow_origin=*

Examples

Only permit cross domain requests from a specific origin:

ui.modern.cors.allow_origin=http://www.domain.com/

Notes

  • Changing this setting might affect the admin UI as it needs to request the modern UI using CORS.