#95 – You are here

This week on the podcast, we share Eric Bolinger’s DPK module for WebLogic, Graham’s 5 Things about PeopleSoft Images, more Fluid Ideas, and dive into ELM’s Find Learning page behavior. We finish the episode discussing about Matt Tremblay’s “Reverse Proxy Server with Docker” post.

Show Notes

8.55 – Cross-Origin Resource Sharing

In PeopleTools 8.55, Cross-Orign Resource Sharing (CORS) is now supported. Don’t know what CORS allows? Here is a good primer on the topic.

The Same-Origin Policy restricts the browser from performing certain actions by scripts or documents based on the origin. The origin is everything in the URL before the path (for example, http://www.example.com). For certain actions, the browser will compare origins and, if they don’t match, won’t allow things to proceed. For example:

  • A parent document can’t access the contents of an that comes from a different origin. This prevents a malicious site from opening up your bank’s website and stealing your credentials, as an example.
  • While one document can send information to another via a form post, AJAX requests across origins are generally disallowed.

The Same-Origin Policy is a vital piece of web security architecture, but it also poses a problem. What happens when you want to allow a site with a different origin to access your content?

Here is a great example of where CORS support can benefit PeopleSoft. In Enterprise Learning Management, you can link to hosted web-based training. Often, that web-based training is on a different domain. With CORS support, you can add in remote sites in the Web Profile and display remote courses in your ELM environment.

To enable Cross-Origin sites, open your Web Profile. There is a new tab, Authorized Site, that lets you list many sites to support.