Elastic Path Commerce Development

Proxy Configuration

Proxy Configuration

If you're writing an application that runs in a Web Browser (such as a Javascript application) and your application is hosted on a different server to the Cortex API, your requests will be unsuccessful due to the Web Browser's Same Origin Policy. In this case, you will need to set up a proxy server to handle requests between Cortex and your client application. To do this you will need to configure the proxy server to rewrite links to the proxy's address. We suggest using Apache HTTP Server 2.4 as a proxy server.

Rewriting Link URLs

Cortex uses it's server base URL for links in JSON responses. For example, if a Cortex server is deployed at http://api.elasticpath.net/cortex, JSON responses would have the following base URLs:
GET http://api.elasticpath.net/cortex/carts/mobee/default

{
  "self": {
    "type": "elasticpath.carts.cart",
    "uri": "/carts/mobee/mq4=",
    "href": "http://api.elasticpath.net/cortex/carts/mobee/mq4="
  },
  "total-quantity": 3,
  "links": [
    {
      "rel": "lineitems",
      "rev": "cart",
      "type": "application/vnd.elasticpath.links",
      "uri": "/carts/mobee/mq4=/lineitems",
      "href": "http://api.elasticpath.net/cortex/carts/mobee/mq4=/lineitems"
    },
    {
      "rel": "order",
      "rev": "cart",
      "type": "elasticpath.orders.order",
      "uri": "/orders/mobee/gjq=",
      "href": "http://api.elasticpath.net/cortex/orders/mobee/gjq="
    },
    {
      "rel": "total",
      "rev": "cart",
      "type": "application/vnd.elasticpath.total",
      "uri": "/totals/carts/mobee/mq4=",
      "href": "http://api.elasticpath.net/cortex/totals/carts/mobee/mq4="
    }
  ]
}
However, if your client application is deployed on http://app.myhost.net/app, API requests outside of this domain will fail due to the Web Browser's Same Origin Policy. Using a proxy server and the X-Forwarded-Base header for link rewriting, the response can be rewritten to appear as if it's coming from the same server. This works around the Same Origin Policy restriction:
GET http://api.elasticpath.net/cortex/carts/mobee/default
X-Forwarded-Base: http://app.myhost.net/app

{
  "self": {
    "type": "elasticpath.carts.cart",
    "uri": "/carts/mobee/mq4=",
    "href": "http://app.myhost.net/app/carts/mobee/mq4="
  },
  "total-quantity": 3,
  "links": [
    {
      "rel": "lineitems",
      "rev": "cart",
      "type": "application/vnd.elasticpath.links",
      "uri": "/carts/mobee/mq4=/lineitems",
      "href": "http://app.myhost.net/app/carts/mobee/mq4=/lineitems"
    },
    {
      "rel": "order",
      "rev": "cart",
      "type": "elasticpath.orders.order",
      "uri": "/orders/mobee/gjq=",
      "href": "http://app.myhost.net/app/orders/mobee/gjq="
    },
    {
      "rel": "total",
      "rev": "cart",
      "type": "application/vnd.elasticpath.total",
      "uri": "/totals/carts/mobee/mq4=",
      "href": "http://app.myhost.net/app/totals/carts/mobee/mq4="
    }
  ]
}

Proxy Configuration

Configure X-Forwarded-Base in your client's proxy to define the base URL for all Cortex responses. Apache needs LoadModule headers_module modules/mod_headers.so uncommented/enabled for this header to forward.

To configure X-Forwarded-Base:

  • In C:\Apache24\conf\ep-cortex-proxy.conf, set X-Forwarded-Base to your client application's URL. For example, if your client application runs from https://myapp.company.com/subdir the Apache RequestHeader X-Forwarded-Base setting would be:
  • Requests to Cortex can now be via the proxy server: http://app.myhost.net/app and all links will be automatically be rewritten.