Search This Blog

Wednesday, February 20, 2013

Cross domain redirect fails on Websphere commerce

If cross domain redirect fails in websphere commerce and you see following error in trace log

isRedirectAllowed(String) CMN1245E: Server fails to redirect to the view URL.

 This is because the fact that redirect filtering is enabled but neither AllowedHost nor AllowedDomain is specified.

 You may either disable URL redirect filtering or specify the proper setting for AllowedHost or AllowedDomain in order for the redirect filtering to work properly.
Correct allowed host in wc-server.xml
  1. Locate the web module where you want to enable this feature. For example, if you want to enable this feature for the Stores web module, this is the section you want to modify:
               <Module contextPath="/webapp/wcs/stores"
       fileServletEnabled="false" name="Stores"
       urlMappingPath="/servlet" webAlias="/wcsstore">
               <InitParameters adapters="XML/HTTP, BrowserAdapter" 
       contextSetName="Store" handleDoubleClick="true"/>
           </Module>
  2. Add a URLRedirectFilter element in the Module element as shown in the following example:
               <Module contextPath="/webapp/wcs/stores" 
       fileServletEnabled="false" name="Stores"
       urlMappingPath="/servlet" webAlias="/wcsstore">
               <InitParameters adapters="XML/HTTP, BrowserAdapter" 
       contextSetName="Store" handleDoubleClick="true"/>
                <URLRedirectFilter enable="true">
                    <AllowedHost name="www.mycompany1.com"/>
                    <AllowedHost name="www.mycompany2.com"/>
                    <AllowedDomain name="mycompany3.com"/>
                 </URLRedirectFilter>
           </Module>
    The usage of these elements is described in the following list:
    URLRedirectFilter enable="true"
    Specifies whether cross-site scripting protection is enabled. Possible values are true or false.
    AllowedHost hostname="www.mycompany1.com"
    Specifies a hostname that WebSphere Commerce will allow redirection to. By default, if this feature is enabled, the Web server hostname that is configured for the WebSphere Commerce instance will be added to the allowed host list.
    AllowedDomain name="mycompany3.com"
    Specifies an entire domain that WebSphere Commerce will allow redirection to. Use this element if you want to allow redirection to all hosts in a domain.

    For details please refer 

    http://www-01.ibm.com/support/docview.wss?uid=swg21458241

Posted by at

1 comment:

Subscribe to: Post Comments (Atom)