ForgeRock SDKs 3.3

Allow requests from trusted domains

The following content applies to the ForgeRock JavaScript SDK.

Cross-origin resource sharing (CORS) allows requests to AM resources from trusted domains. AM supports CORS, but CORS is not enabled by default.

In this tutorial, you run the sample application locally using a DNS alias. We recommend sdkapp.example.com.

To ensure this domain properly maps to your computer, open a text editor as an admin, and edit your computer’s hosts file so that sdkapp.example.com resolves to 127.0.0.1.

For example, on macOS, open the Terminal app, and enter sudo nano /etc/hosts. Enter your password, and start editing the hosts file:

# Map domains to localhost IP
127.0.0.1    sdkapp.example.com

Location of hosts file:

Linux, macOS

/etc/hosts

Windows

Windows\System32\Drivers\etc\hosts

Enable CORS support

Configure the AM CORS filters to allow JavaScript requests from your configured domain name:

  1. Log in to the AM admin UI as an administrator.

  2. Enable CORS globally.

    Under Configure > Global Services > CORS Service > Configuration, set the Enable the CORS filter property to true.

    If this property is not enabled, CORS headers are not added to AM responses from AM, and CORS is disabled.

Copyright © 2010-2022 ForgeRock, all rights reserved.