Enable Cross-Origin Resource Sharing (CORS)

If your writers use a web application like Google Docs, you might need to Enable Cross-Origin Resource Sharing (CORS). You enable CORS so that your Acrolinx Platform and the web application server can share resources. You can do this by adding a property to your configuration file.

To enable CORS on your Acrolinx Platform, follow these steps:

  1. Open your overlay of the core server properties file.

    You'll find the overlay for the core server properties file in the following location:

    %ACROLINX_CONFIGURATION_ROOT%\server\bin\coreserver.properties
  2. Add the following property:

    cors.allowedOrigins=[HOST_SERVER_ADDRESS]

    For example, if you host your web application at the address https://demo-inc.com, you would enter the property as follows:

    Example:
    cors.allowedOrigins= https://demo-inc.com

    Some applications require specific values. Below is a list of specific examples that depend on the application you're using:

    ApplicationCORS Property
    Chrome
    cors.allowedOrigins=chrome-extension://pgenbnkcpmebbcoeeekefkmblmblppbj

    Allow access from Acrolinx for Chrome. The ID belongs to the Acrolinx extension in Chrome and shouldn't change.

    Firefox
    cors.allowedOrigins=moz-extension://*

    Allow access from any Firefox extension. Because of a limitation in Firefox that adds a unique ID to each user instance, we can't set it to only allow the Acrolinx extension.

    Google Docs and Google Sheets

    Check your CORS Origin in the About tab of your Sidebar.

    If you can't access the Sidebar, you can allow access from any Google extension by using:

    cors.allowedOrigins=*.googleusercontent.com
    Microsoft Edge
    cors.allowedOrigins=ms-browser-extension://*

    Allow access from any Microsoft Edge extension. Because of a limitation in Microsoft Edge that adds a unique ID to each user instance, we can't set it to only allow the Acrolinx extension.

    Microsoft Office
    cors.allowedOrigins=res://*

    Allow access from Microsoft Office.

    Office Online
    cors.allowedOrigins=https://updates.acrolinx.com

    Allow access from Microsoft Office Online.

    Safari
    cors.allowedOrigins=safari-extension://*

    Allow access from any Safari extension. Because of a limitation in Safari that adds a unique ID to each user instance, we can't set it to only allow the Acrolinx extension.

    Visual Studio Code
    cors.allowedOrigins=null 

    Although Acrolinx for Visual Studio Code doesn't require CORS, you need to add null to the CORS property for theIintegration to connect to your Core Platform.

    This is only necessary if you’re using Acrolinx for Visual Studio Code version 1.1.

    WordPress
    cors.allowedOrigins=<APPLICATION_SERVER_ADDRESS>

    Replace <APPLICATION_SERVER_ADDRESS> with the address where you host your WordPress instance. For example, if you host WordPress at  https://demo-inc.com, you would enter the property as follows:

    Example
    cors.allowedOrigins=https://demo-inc.com
    XMetaL
    cors.allowedOrigins=file://127.0.0.1

    Allow access from your local file system. Even though XMetaL isn't a web application, it uses Internet Explorer to load the Sidebar.

    Custom or third party integrations
    1. Open the Sidebar in your custom integration
    2. Navigate to About
    3. Copy the CORS Origin link
    4. Add the link to the cors.allowedOrigins property.

    If you'd like to add multiple origins, you can add them all to one CORS property and separate them with a comma. Here's an example of adding multiple origins to allow Firefox and Chrome at the same time:

    Example
    cors.allowedOrigins=moz-extension://*,chrome-extension://pgenbnkcpmebbcoeeekefkmblmblppbj


    If you're still having trouble signing in to Acrolinx from the Sidebar, try enabling CORS from any source. To do this, add the property as follows:

    cors.allowedOrigins=*

    We recommend that you only use this setting for temporary testing. Allowing CORS from any source could make your server vulnerable to malicious activity.

  3. Save your changes and restart the core server.