Allow requests from trusted domains
The following content applies to the ForgeRock JavaScript SDK. |
Cross-origin resource sharing (CORS) allows requests to AM resources from trusted domains. AM supports CORS, but CORS is not enabled by default.
In this tutorial, you run the sample application locally using a DNS alias.
We recommend sdkapp.example.com
.
To ensure this domain properly maps to your computer, open a text editor as an admin,
and edit your computer’s hosts file so that sdkapp.example.com
resolves to 127.0.0.1
.
For example, on macOS, open the Terminal
app, and enter sudo nano /etc/hosts
.
Enter your password, and start editing the hosts file:
# Map domains to localhost IP 127.0.0.1 sdkapp.example.com
Location of hosts file:
- Linux, macOS
-
/etc/hosts
- Windows
-
Windows\System32\Drivers\etc\hosts
Enable CORS support
Configure the AM CORS filters to allow JavaScript requests from your configured domain name:
-
Log in to the AM admin UI as an administrator.
-
Enable CORS globally.
Under Configure > Global Services > CORS Service > Configuration, set the Enable the CORS filter property to
true
.If this property is not enabled, CORS headers are not added to AM responses from AM, and CORS is disabled.