|If you have an earlier server version, you can download an archived version of this article .|
How do you know for sure if you need to enable CORS? Your writers will see the error message "We couldn't establish a secure connection to your server" when they try to open the Acrolinx Sidebar.
To enable CORS on your Acrolinx Server, follow these steps:
Open your overlay of the core server properties file.
You'll find the overlay for the core server properties file in the following location:
Add the following property:
For example, if your web application is hosted at the address https://clever-docs.com , you would enter the property as follows:
cors.allowedOrigins=https://clever-docs.comHere are some further examples that depend on which application you're using:
Application CORS Property Firefox Add-on cors.allowedOrigins=moz-extension://*
Allow access from any Firefox extension. Because of a limitation in Firefox that adds a unique ID to each user instance, we can't set it to only allow the Acrolinx extension.
Chrome Add-on cors.allowedOrigins=chrome-extension://pgenbnkcpmebbcoeeekefkmblmblppbj
Allow access from the Acrolinx extension. The ID belongs to the Acrolinx extension in Chrome and shouldn't change.
Google Docs and Google Sheets cors.allowedOrigins=https://sidebar-classic.acrolinx-cloud.com
The host server address in this example might not be the same for everyone, so check your Sidebar address in the About dialog of your Sidebar.
Allow access from your local file system. Even though XMetaL isn't a web application, it uses Internet Explorer to load the Sidebar.
If you'd like to add multiple origins, you can add them all to one CORS one property and separate them with a comma. Here's what it might look like: cors.allowedOrigins=moz-extension://*,chrome-extension://pgenbnkcpmebbcoeeekefkmblmblppbj,file://127.0.0.1,https://sidebar-classic.acrolinx-cloud.com
If you're still having trouble logging in to your Acrolinx server from the sidebar, try enabling CORS from any source. To do this, add the property as follows:
However, we recommend that you use this setting only for temporary testing. Allowing CORS from any source could make your server vulnerable to malicious activity.
- Save your changes and restart the core server.