Hi everyone,
We recently had a problem where a website that relied on the UVA Dataverse APIs reported that they were getting CORS Policy errors and could no longer make API calls successfully. It broke around the same time that we upgraded from 6.6 to 6.9. We're not currently restricting what domains can use APIs, so we set the JVM option using the command from the update instructions in 6.7:
'bin/asadmin create-jvm-options -Ddataverse.cors.origin=*'
I was able to get the API working again by deleting the 'dataverse.cors.origin' option and setting it as a MicroProfile Config setting instead with:
'bin/asadmin set-config-property --propertyName=dataverse.cors.origin --propertyValue=* --source=domain'
While I was troubleshooting, I did find that if I used 'https://example.com' instead of '*', then the appropriate CORS headings were produced. So it looks like it's '*' specifically that causes problems. I tried a lot of experimenting with escaping '*' and putting it in quotes, but that didn't get me anywhere.
I'm writing mostly to share my solution in case anyone else also runs into this problem, since I didn't see that it had been reported anywhere else, but also to ask if there's a better way to handle this. I'm pretty new to Payara, so it would not surprise me if there was something I missed.
Thanks,
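
An added example, not part of the original post: one way to confirm after changing 'dataverse.cors.origin' whether the API response carries the CORS headers a browser needs. The function names, the sample responses and the host dataverse.example.edu are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the CORS headers of one API response.

# get_header NAME HEADERS: print the value of header NAME (lowercase), if any.
get_header() {
  printf '%s\n' "$2" | tr -d '\r' | awk -v want="$1" '{
    i = index($0, ":")
    if (i && tolower(substr($0, 1, i - 1)) == want) {
      v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
    }
  }'
}

# cors_verdict ORIGIN HEADERS: print what a browser on ORIGIN would conclude.
cors_verdict() {
  acao=$(get_header access-control-allow-origin "$2")
  acac=$(get_header access-control-allow-credentials "$2")
  if [ -z "$acao" ]; then
    echo missing                      # browser blocks the cross-origin read
  elif [ "$acao" = "*" ] && [ "$acac" = "true" ]; then
    echo wildcard-with-credentials    # credentialed requests are refused
  elif [ "$acao" = "*" ]; then
    echo wildcard
  elif [ "$acao" = "$1" ]; then
    echo exact
  else
    echo mismatch
  fi
}

# Constructed sample responses (not captured from a real server).
sample_missing=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n')
sample_wildcard=$(printf 'HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\n')
sample_exact=$(printf 'HTTP/1.1 200 OK\r\naccess-control-allow-origin: https://example.com\r\n')

for s in "$sample_missing" "$sample_wildcard" "$sample_exact"; do
  cors_verdict https://example.com "$s"
done

# Live check (placeholder host):
#   cors_verdict https://example.com "$(curl -s -o /dev/null -D - \
#     -H 'Origin: https://example.com' https://dataverse.example.edu/api/info/version)"
```

A verdict of "missing" on the live check corresponds to the CORS policy errors described above; "wildcard" or "exact" means the header is being emitted.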