Configure CORS
Cross-origin resource sharing (CORS) lets user agents make cross-domain server requests. In AM, you can configure CORS to allow browsers from trusted domains to access AM-protected resources. For example, you might want a custom web application running on your own domain to get an end-user’s profile information using the AM REST API.
When trying out the ForgeRock SDKs, you run sample applications locally using a DNS alias, such as sdkapp.example.com. You need to add accepted origin domains to the configuration based on the DNS alias you give to your apps.
To enable CORS in AM, and create a CORS filter to allow requests from your configured domain names, follow these steps:
- Log in to the AM admin UI as an administrator.
- Navigate to Configure > Global Services > CORS Service > Configuration, and set the Enable the CORS filter property to true.
  If this property is not enabled, CORS headers are not added to responses from AM, and CORS is disabled entirely.
- On the Secondary Configurations tab, click Add a Secondary Configuration.
- In the Name field, enter ForgeRockSDK.
- In the Accepted Origins field, enter any DNS aliases you use for your SDK apps.
  This documentation assumes the following configuration:

  Property          Values
  Accepted Origins  https://sdkapp.example.com:8443
                    https://angular.example.com:8443
                    https://react.example.com:8443
  Accepted Methods  GET
                    POST
  Accepted Headers  accept-api-version
                    authorization
                    content-type
                    if-match
                    iPlanetDirectoryPro
                    x-requested-with
  Exposed Headers   authorization
                    content-type
                    x-requested-with

- Click Create.
  AM displays the configuration of your new CORS filter.
- On the CORS filter configuration page:
  - Ensure Enable the CORS filter is enabled.
  - Set the Max Age property to 600.
  - Ensure Allow Credentials is enabled.
    Figure 1. Example of the completed ForgeRock SDK CORS filter
  - Click Save Changes.
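
After saving, you can check a preflight (OPTIONS) response against the values above. The following is an added example, not part of the ForgeRock documentation or product: audit_preflight and the sample responses are constructed for illustration, and the check assumes standard CORS response header names.

```python
# Added example: audit a CORS preflight response against this page's filter values.
EXPECTED = {
    "origins": {"https://sdkapp.example.com:8443",
                "https://angular.example.com:8443",
                "https://react.example.com:8443"},
    "methods": {"get", "post"},
    "headers": {"accept-api-version", "authorization", "content-type",
                "if-match", "iplanetdirectorypro", "x-requested-with"},
    "max_age": "600",
}
CHECKS = (("methods", "access-control-allow-methods"),
          ("headers", "access-control-allow-headers"))

def _tokens(value):
    """Split a comma-separated header value into a lower-cased set."""
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}

def audit_preflight(origin, response_headers):
    """Return findings for one preflight response; an empty list means no drift."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    if origin not in EXPECTED["origins"]:
        # An origin outside Accepted Origins must not be echoed or wildcarded.
        return [f"unlisted origin allowed via {acao!r}"] if acao in (origin, "*") else []
    findings = []
    if acao != origin:
        # With Allow Credentials enabled, browsers reject "*": the origin must be echoed.
        findings.append(f"allow-origin is {acao!r}, expected {origin!r}")
    if h.get("access-control-allow-credentials") != "true":
        findings.append("allow-credentials is not 'true'")
    for name, header in CHECKS:
        extra = _tokens(h.get(header)) - EXPECTED[name]
        if extra:
            findings.append(f"{name} broader than documented: {sorted(extra)}")
    if h.get("access-control-max-age") != EXPECTED["max_age"]:
        findings.append("max-age is not 600")
    return findings

# Constructed sample responses, not captured from a real AM server.
GOOD = {
    "Access-Control-Allow-Origin": "https://sdkapp.example.com:8443",
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET, POST",
    "Access-Control-Allow-Headers": "authorization, content-type, iPlanetDirectoryPro",
    "Access-Control-Max-Age": "600",
}
WILDCARD = dict(GOOD, **{"Access-Control-Allow-Origin": "*"})
REFLECTED = dict(GOOD, **{"Access-Control-Allow-Origin": "https://other.example.net"})
```

An empty result for GOOD and a finding for WILDCARD or REFLECTED shows the two drifts that matter most when Allow Credentials is enabled: a wildcard origin and an origin outside the Accepted Origins list.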