openhim-core cors

[bwighane]

I can only access a public channel when making Ajax requests but cannot do the same to a private channel. Is the OpenHIM core cors enabled by default?

[BMartinos]

Hi bwighane. Thank you for logging this issue. Our team will log a ticket to investigate whether this is a bug within the core, or a possible implementation issue.

[bwighane]

Hi Martin, I was able to go through The OpenHIM core implementation and make efforts to enable CORS when making AJAX requests. If perhaps there is a way of enabling that without messing with The OpenHIM code please advice. Thanks.

[BMartinos]

Hi bwighane, Im unfortunately not aware of a way to do that without changing the code. This seems to be a bug, and will need proper fixing. We will investigate this issue and deploy a fix once resolved

[pierrekasongo]

Hi, was this issue solved? I am facing the same in 2025.

[drizzentic]

Hi, was this issue solved? I am facing the same in 2025.

Hi @pierrekasongo,
Could you share the steps for how I can replicate this? It will help to address the issue quickly.

[pierrekasongo]

Hi, was this issue solved? I am facing the same in 2025.

Hi @pierrekasongo, Could you share the steps for how I can replicate this? It will help to address the issue quickly.

Hi @drizzentic, I want to consume my mediator API from a frontend on different IP address. The requests are blocked due to cors.
I managed to handle this by adding some code to allow the IP address in openhim-core but just wondering whether this was ever solved easily.

[drizzentic]

@pierrekasongo Okay that will work. Another secure way would be to deploy everything behind a reverse proxy like Nginx. While in a development environment, you can use Chrome without security. Otherwise, the other available options include modifying the code. We don't currently have this configurable, but I will run it by the team to see if we can add a flag to disable cors or allow certain origins.