Announcement: You can find the guides for Commerce 7.5 and later on the new Elastic Path Documentation site. This Developer Center contains the guides for Commerce 6.13.0 through 7.4.1.Visit new site

This version of Elastic Path Commerce is no longer supported or maintained. To upgrade to the latest version, contact your Elastic Path representative.

Setting up a proxy for Cortex API (A.K.A Getting around CORS)

Setting up a proxy for Cortex API (A.K.A Getting around CORS)

Due to CORS, you must set up a proxy to handle requests between Cortex API and client applications. We suggest using Apache HTTP Server 2.4 for your client's proxy. The instructions below assume you set up your proxy following these instructions: Running Cortex API & Cortex Studio outside of Eclipse.

The CORS Problem

Cortex API uses its server's base URL for the href prefixes in JSON responses. For example, if your Cortex server runs on http://aws-qa3.elasticpath.net:13080/integrator, JSON responses would have these base hrefs:

However, your client application might run from https://myapp.company.com/subdir; therefore, if your client uses these hrefs your application would fail because of CORS.

The CORS Solution

Configure X-Forwarded-Base in your client's proxy heading to define the base href for Cortex API JSONs. X-Forwarded-Base is a special header interpreted by Cortex API. Apache needs LoadModule headers_module modules/mod_headers.so uncommented/enabled for this header to forward. By default, the instructions in Running Cortex API & Cortex Studio outside of Eclipse have this module enabled.

To configure X-Forwarded-Base:

  • In C:\Apache24\conf\ep-cortex-proxy.conf, set X-Forwarded-Base to your client application's URL. For example, if your client application runs from https://myapp.company.com/subdir the Apache RequestHeader X-Forwarded-Base setting would be:
    RequestHeader append X-Forwarded-Base "https://myapp.company.com/subdir"
    Cortex API JSONs then return with this base href: