ForgeRock Developer Experience

Configure CORS

Applies to:

  • ForgeRock SDK for Android

  • ForgeRock SDK for iOS

  • ForgeRock SDK for JavaScript

Cross-origin resource sharing (CORS) lets user agents make cross-domain server requests. In Identity Cloud, you can configure CORS to allow browsers from trusted domains to access Identity Cloud protected resources. For example, you might want a custom web application running on your own domain to get an end-user’s profile information using the Identity Cloud REST API.

By default, CORS is configured to let the ForgeRock SDKs access Identity Cloud. The SDK samples and tutorials all use https://localhost:8443 as the host domain, which you should add to your CORS configuration.

If you are using a different domain for hosting SDK applications, ensure you add them to the CORS configuration as accepted origin domains.

To update the CORS configuration in Identity Cloud, follow these steps:

  1. Log in to your Identity Cloud tenant.

  2. At the top right of the screen, click your name, and then select Tenant settings.

  3. On the Global Settings tab, click Cross-Origin Resource Sharing (CORS).

  4. Perform one of the following actions:

    • If available, click ForgeRockSDK.

    • If you haven’t added any CORS configurations to the tenant, click Add a CORS Configuration, select ForgeRock SDK, and then click Next.

  5. Add https://localhost:8443 and any DNS aliases you use to host your JavaScript SDK applications to the Accepted Origins property.

  6. Complete the remaining fields to suit your environment.

    This documentation assumes the following configuration, required for the tutorials and sample applications:

    Property Values

    Accepted Origins


    Accepted Methods



    Accepted Headers








    Exposed Headers



    Enable Caching


    Max Age


    Allow Credentials


    Click Show advanced settings to be able to edit all available fields.

  7. Click Save CORS Configuration.

Copyright © 2010-2024 ForgeRock, all rights reserved.