How do I configure a CORS filter in IG 5.x and 6.x?
The purpose of this article is to provide assistance on configuring a Cross-origin resource sharing (CORS) filter in IG.
Overview
IG 7 introduces a CorsFilter, which is available to configure policies for CORS to allow requests to be made across domains from user agents. See Configuration Reference › CorsFilter for further information.
In earlier versions, you must configure CORS in the web application container. See the following section, Configuring a CORS filter (pre-IG 7) for further information.
Configuring a CORS filter (pre-IG 7)
In pre-IG 7, you can configure a CORS filter using any of the web container-level instructions as follows:
- Apache Tomcat™ - add a filter based on the org.apache.catalina.filters.CorsFilter filter class to the web.xml file (located in the /path/to/tomcat/conf/ directory). See Apache Tomcat - CORS Filter for further information.
- Jetty® - add a filter based on the org.eclipse.jetty.servlets.CrossOriginFilter class to the webdefault.xml file (located in the /path/to/jetty/etc/ directory). See Jetty - Cross Origin Filter for further information.
- JBoss® - See Enabling Cross-Origin Resource Sharing (CORS) in JBoss EAP 7 management interface for further information.
For example, a CORS filter in Tomcat would look similar to this:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,PUT,DELETE,PATCH,OPTIONS,HEAD</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Authorization,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-OpenAM-Username,X-OpenAM-Password,iPlanetDirectoryPro,Accept-API-Version,If-Match,If-None-Match,Accept-Encoding,Accept-Language,Cache-Control,Connection</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>If you need IG to add the appropriate headers to CORS requests, you can use a CORS filter as described here: Gateway Guide › Setting Up IG As an UMA Resource Server. The CORS filter handles pre-flight (HTTP OPTIONS) requests and responses for all HTTP operations, and adds the appropriate headers to CORS requests.
See Also
How do I troubleshoot issues with the CORS filter in AM/OpenAM (All versions)?
SameSite cookie support in AM and IG
Related Training
N/A
Related Issue Tracker IDs
OPENIG-467 (Support for Cross Origin Resource Sharing (CORS))