You can use a more restrictive Cross-Origin Resource Sharing (CORS) policy on your JMP Server instance by creating a whitelist of the Horizon 7 Connection Server instances that are trusted to access your JMP Server.

By default, a Horizon 7 Connection Server can access your JMP Server instance if it is using the same certificate that is in the certificate chain file that you configured using Configure JMP Server to Use a Certificate Chain File. To ensure that only the approved list of Horizon 7 Connection Server instances have access to your JMP Server, perform the following steps.

Procedure

  1. Using a text editor, open the NGINX configuration file at C:\Program Files (x86)\VMware\JMP\com\XMS\nginx\conf\nginx.conf.
  2. Locate the two occurrences of the following text and uncomment each one by removing the leading # mark so that they appear as follows.
    add_header "Access-Control-Allow-Origin" "$cors_header" always;
  3. Locate the two occurrences of the following text and comment them out by adding a leading # mark so that they appear as follows.
    # add_header "Access-Control-Allow-Origin"  "$http_origin" always;
  4. Add the approved list of Connection Server instances to the whitelist.
    1. Locate the following content in the file.
      # CORS: Whitelist of origins allowed to contact JMP
      # Syntax Documentation: https://nginx.org/en/docs/http/ngx_http_map_module.html
      map $http_origin $cors_header {
        # default value
        # by default no one is allowed
        default '';
      
        # List of hosts allowed to access JMP
        # "~*^(https:\/\/YOUR_CONNECTION_SERVER_DOMAIN\.com)$" "$http_origin";
      }
    2. After the default ''; line, add a line for each Connection Server instance you want to include in the whitelist.

      For example, if the domain names of the Connection Server instances that are allowed to connect to your JMP Server are www.testhorizon.com and www.prodhorizon.com, then the lines to add are shown in bold in the following example.

      default '';
      "~*^(https:\/\/testhorizon\.com)$" "$http_origin";
      "~*^(https:\/\/prodhorizon\.com)$" "$http_origin";
  5. Save the changes you made to the nginx.conf file.
  6. Restart the JMP Platform Services using the Windows Services Manager.