Modifying the "webapp.allowed.origins" configuration on version 10.3 and later
Article ID: 320518
Updated On: 01-23-2025
Products
VMware Cloud Director
Issue/Introduction
VMware Cloud Director uses a Cross-Origin Resource Sharing filter implementation to maintain a list of all valid endpoints that you can use to access the Service Provider Admin Portal and the VMware Cloud Director Tenant Portal.
The CORS filtering list is populated and updated during the cell configuration. It contains HTTP and HTTPS entries with IPs and DNS names for all cells in the server group.
It also contains a public IP address that is used by the load balancer in front of the VCD server group. This list may need to be modified if your environment changes, or if the DNS names are updated.
This KB describes the way to modify these values in version 10.3 and later.
Symptoms:
- Starting with version 10.3, the
cell-management-toolcan no longer be used to configure the "webapp.allowed.origins" configuration in a VMware Cloud Director environment - Access to the VCD provider or tenant page is blocked by the following error:
Failed to Start" "An error occurred during the initialization. Accessing the application through an unsupported public URL or poor connectivity might cause this error.
- The “Public Addresses” fields have been properly configured but access to the VCD UI is still limited
- DNS entries have recently been changed and access to the VCD UI is no longer available.
Environment
- VMware Cloud Director 10.3
- VMware Cloud Director 10.4
- VMware Cloud Director 10.5
- VMware Cloud Director 10.6
Resolution
To modify the CORS settings, you will need to use the Cloud API.
This API and the majority of all /cloudapi/ APIs can be interacted with via the API Explorer.
Within the cors section of the API Explorer, there will be 2 APIs you will need to levage.
Whilst the API Explorer will contain examples, be sure to add three entries for every endpoint.
https://{{base-url}}/cloudapi/1.0.0/site/settings/cors
This API and the majority of all /cloudapi/ APIs can be interacted with via the API Explorer.
https://{{base-url}}/api-explorer/provider#/cors
NOTE: This, like the UI will require a valid System Administration set of credentials to access.Within the cors section of the API Explorer, there will be 2 APIs you will need to levage.
GET /1.0.0/site/settings/cors PUT /1.0.0/site/settings/cors
Whilst the API Explorer will contain examples, be sure to add three entries for every endpoint.
- FQDN
- HTTP
- HTTPS
{
"origin": "vcd.domain.local"
},
{
"origin": "http://vcd.domain.local"
},
{
"origin": "https://vcd.domain.local"
}
Additional Information
Feedback
Was this article helpful?
Yes
No
Powered by
