ForgeRock SDKs

Add CORS configuration

The following content applies to the ForgeRock JavaScript SDK.
  1. Log in to the AM admin UI as an administrator.

  2. At the top of the page, select Configure > Global Services.

  3. Click CORS Service.

  4. Click Secondary Configurations.

  5. Click Add a Secondary Configuration.

  6. Fill out the fields so as per the following example, and click Create.

    Property Value(s)



    Accepted Origins

    Accepted Methods


    Accepted Headers

    Content-Type, X-Requested-With, Accept-API-Version, If-Match, Authorization

    Exposed Headers


    Example CORS Configuration
  7. Activate Enable the CORS filter.

  8. Activate Allow Credentials.

    Example CORS Configuration
  9. Click Save Changes.

The main CORS configuration page has the following additional properties:

Enable the CORS filter

Specifies whether the values in this CORS configuration instance are active.

Max Age

The maximum length of time, in seconds, that the browser can cache the pre-flight response. The value is included in pre-flight responses in the Access-Control-Max-Age header.

Allow Credentials

Whether to allow requests with credentials in either HTTP cookies or HTTP authentication information. Applies when a request has the credentials property set to include. You must enable this property if you send Authorization headers as part of the CORS requests, or need to include information in cookies when making requests.

Changes to CORS configuration take effect immediately. There is no need to restart the service.
Copyright © 2010-2023 ForgeRock, all rights reserved.