ForgeRock SDKs

Allow requests from trusted domains

The following content applies to the ForgeRock JavaScript SDK.

Cross-origin resource sharing (CORS) allows requests to AM resources from trusted domains. AM supports CORS, but CORS is not enabled by default.

In this tutorial, you run the sample application locally using a DNS alias. We recommend

To ensure this domain properly maps to your computer, open a text editor as an admin, and edit your computer’s hosts file so that resolves to

For example, on macOS, open the Terminal app, and enter sudo nano /etc/hosts. Enter your password, and start editing the hosts file:

# Map domains to localhost IP

Location of hosts file:

Linux, macOS




Enable CORS support

Configure the AM CORS filters to allow JavaScript requests from your configured domain name:

  1. Log in to the AM admin UI as an administrator.

  2. Enable CORS globally.

    Under Configure > Global Services > CORS Service > Configuration, set the Enable the CORS filter property to true.

    If this property is not enabled, CORS headers are not added to AM responses from AM, and CORS is disabled.

Copyright © 2010-2023 ForgeRock, all rights reserved.