Configure CORS
Cross-origin resource sharing (CORS) lets user agents make cross-domain server requests. In Identity Cloud, you can configure CORS to allow browsers from trusted domains to access Identity Cloud protected resources. For example, you might want a custom web application running on your own domain to get an end-user’s profile information using the Identity Cloud REST API.
By default, CORS is configured to let the ForgeRock SDKs access Identity Cloud. The SDK samples and tutorials all use https://localhost:8443
as the host domain, which you should add to your CORS configuration.
If you are using a different domain for hosting SDK applications, ensure you add them to the CORS configuration as accepted origin domains.
To update the CORS configuration in Identity Cloud, follow these steps:
-
Log in to your Identity Cloud tenant.
-
At the top right of the screen, click your name, and then select Tenant settings.
-
On the Global Settings tab, click Cross-Origin Resource Sharing (CORS).
-
Perform one of the following actions:
-
If available, click ForgeRockSDK.
-
If you haven’t added any CORS configurations to the tenant, click Add a CORS Configuration, select ForgeRock SDK, and then click Next.
-
-
Add
https://localhost:8443
and any DNS aliases you use to host your JavaScript SDK applications to the Accepted Origins property. -
Complete the remaining fields to suit your environment.
This documentation assumes the following configuration, required for the tutorials and sample applications:
Property Values Accepted Origins
https://localhost:8443
Accepted Methods
GET
POST
Accepted Headers
accept-api-version
x-requested-with
content-type
authorization
if-match
x-requested-platform
iPlanetDirectoryPro
Exposed Headers
authorization
content-type
Enable Caching
True
Max Age
600
Allow Credentials
True
Click Show advanced settings to be able to edit all available fields.
-
Click Save CORS Configuration.