got it working
Took me several hours to figure this out mainly because the process takes so long to restart. Hope this will help someone.
this config is for jasperreports-server-cp-8.2.0
apache-tomcat/webapps/jasperserver/WEB-INF/web.xml
// add cors filter
<!-- add cors filter -->
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>#h#t#t#p#://localhost:8002</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,PUT,OPTIONS,DELETE,PATCH</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Cache-Control,X-Suppress-Basic,Origin,Accept,X-Requested-With,Content-Type,Pragma,accept-timezone,withCredentials,X-Remote-Domain,X-Is-Visualize,x-jrs-base-url,Content-Disposition,Content-Description</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value></param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.preflight.maxage</param-name>
<param-value>300</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>*.woff</url-pattern>
</filter-mapping>
//Disabel CSRF
apache-tomcat/webapps/jasperserver/WEB-INF/csrf/jrs.csrfguard.properties
apache-tomcat/webapps/jasperserver/WEB-INF/csrf/Websphere.jrs.csrfguard.properties //not sure if this is needed
org.owasp.csrfguard.Enabled = false
org.owasp.csrfguard.Ajax=false
// deal with underscores with nginx
// rename all instances of OWASP_CSRFTOKEN to OWASP-CSRFTOKEN (with a dash)
// could not get this to work in nginx underscores_in_headers on;
including this file: WEB-INF/csrf/Websphere.jrs.csrfguard.properties
NGINX Config:
server {
listen 443 ssl;
ssl on;
server_name reports.xxxx.com;
underscores_in_headers on;
add_header Referrer-Policy "no-referrer-when-downgrade, origin-when-cross-origin" always;
ssl_certificate /var/www/certs/certfullchain.cer;
ssl_certificate_key /var/www/certs/cert.key;
location /jasperserver {
proxy_pass h-t-t-p://10.20.1.100;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real_IP $remote_addr;
}
}
//didn't need a CookieProcessor in META-INF/context.xml
|