Is it possible to apply cross-origin resource sharing (CORS) in a Websphere Application Server Liberty Profile V8.5 ?

I searched the redbook but couldn't find IBM mention anything about it. (http://www.redbooks.ibm.com/abstracts/sg248076.html?Open)

It's not possibility for me to set the headers programmatically like this:

Access-Control-Allow-Origin: *

(http://enable-cors.org/server.html)

You have to add following jars to your WEB-INF/lib folder:

• cors-filter-1.8.jar
• java-property-utils-1.9.jar

In your web.xml you have to add following rules:

<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>
<filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>

Starting with the January 2016 Beta (edit: and now in Liberty 8559), WebSphere Liberty supports CORS natively. You just configure the server.xml with the CORS options you want, here's an example:

<cors domain="/sampleApp/path"
   allowedOrigins="https://alice.com:8090"
   allowedMethods="GET, DELETE, POST"
   allowedHeaders="Accept, MyRequestHeader1"
   exposeHeaders="MyResponseHeader1"
   allowCredentials="true"
   maxAge="3600" />

The domain attribute is for the application root that you want this configuration to apply to, which means it won't affect any other context roots. The other 7 attributes follow exactly the official CORS spec (https://www.w3.org/TR/cors/), so they are pretty self explanatory.

Link to beta: https://developer.ibm.com/wasdev/blog/2016/01/15/beta-websphere-liberty-and-tools-january/

For those who is looking for a workaround while using IBM Websphere Application Server and looking for an answer to apply CORS. (You should do this programmatically ) I know the op is looking for an answer without using java code or else... This might be helpfull to somebody else.. Write a filter that lets you to set response headers programmatically. Such as :

public class YourFilter implements javax.servlet.Filter{

    @Override
    public void doFilter(ServletRequest request,ServletResponse servletResponse , FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse ) servletResponse ;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Headers","Access-Control-Allow-Origin, X-Requested-With", bla,bla...);
    }
}

To extend to the CORS from ArthurDM: The documented pages where not explaining enough for me. My setup is the following and I just want to share that with you:

• Use Liberty Profile 8.5.5.9. So the CORS addition to liberty profile is not in beta only anymore.
• Use JavaEE batch and connected the batch to put all its data in the repository (not in memory).
• I wanted to use batchManagement-1.0 feature for the rest api of batch that comes with it.
• Angular 1.

Eventually the following cors setting did the trick:

    <cors domain="/ibm/api" 
       allowedOrigins="http://localhost:9080" 
       allowedMethods="GET, POST, PUT, DELETE" 
       allowedHeaders="Accept, Accept-Language, Content-Language, Content-Type" 
       exposeHeaders="Content-Type" 
       allowCredentials="true" 
       maxAge="3600" />

Good luck, and I hope it helps.