How To

How do I configure a CORS filter in IG 5.x and 6.x?

Last updated Aug 10, 2020

The purpose of this article is to provide assistance on configuring a Cross-origin resource sharing (CORS) filter in IG.


Overview

IG 7 introduces a CorsFilter, which lets you configure CORS policies that allow user agents to make requests across domains. See Configuration Reference › CorsFilter for further information.

In earlier versions, you must configure CORS in the web application container. See the following section, Configuring a CORS filter (pre-IG 7), for further information.

Configuring a CORS filter (pre-IG 7)

In versions before IG 7, you can configure a CORS filter using any of the web container-level instructions as follows:

For example, a CORS filter in Tomcat would look similar to this: 

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
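    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <!-- Placeholder origin: list the exact origins you trust. Current Tomcat releases reject * here when cors.support.credentials is true. -->
        <param-value>https://app.example.com</param-value>
    </init-param>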
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,PUT,DELETE,PATCH,OPTIONS,HEAD</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Authorization,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-OpenAM-Username,X-OpenAM-Password,iPlanetDirectoryPro,Accept-API-Version,If-Match,If-None-Match,Accept-Encoding,Accept-Language,Cache-Control,Connection</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

If you need IG to add the appropriate headers to CORS requests, you can use a CORS filter as described here: Gateway Guide › Setting Up IG As an UMA Resource Server. The CORS filter handles pre-flight (HTTP OPTIONS) requests and responses for all HTTP operations, and adds the appropriate headers to CORS requests.
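
A check for the Tomcat CorsFilter configuration shown above, as an added example that is not part of the original article or ForgeRock's code: it parses a web.xml and flags a wildcard cors.allowed.origins, with or without cors.support.credentials set to true, and goes slightly further by also flagging the literal null origin. The sample web.xml, the placeholder origin and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET
CORS_CLASS = "org.apache.catalina.filters.CorsFilter"

# Constructed sample web.xml; {origins} and {creds} are filled in per case.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>{origins}</param-value>
    </init-param>
    <init-param>
      <param-name>cors.support.credentials</param-name>
      <param-value>{creds}</param-value>
    </init-param>
  </filter>
</web-app>"""

def local(tag):
    """Drop the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def cors_params(web_xml):
    """Return one {param-name: param-value} dict per Tomcat CorsFilter."""
    found = []
    for el in ET.fromstring(web_xml).iter():
        kids = {local(c.tag): (c.text or "").strip() for c in el}
        if local(el.tag) != "filter" or kids.get("filter-class") != CORS_CLASS:
            continue
        pairs = [{local(f.tag): (f.text or "").strip() for f in ip}
                 for ip in el if local(ip.tag) == "init-param"]
        found.append({p.get("param-name"): p.get("param-value", "") for p in pairs})
    return found

def audit(web_xml):
    """Return finding labels (hypothetical names) for risky origin settings."""
    findings = []
    for params in cors_params(web_xml):
        origins = {o.strip() for o in params.get("cors.allowed.origins", "").split(",")}
        creds = params.get("cors.support.credentials", "").lower() == "true"
        if "*" in origins:
            findings.append("wildcard-origin-with-credentials" if creds else "wildcard-origin")
        if "null" in origins:
            findings.append("null-origin-allowed")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE.format(origins="*", creds="true")))
```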

See Also

How do I troubleshoot issues with the CORS filter in AM/OpenAM (All versions)?

SameSite cookie support in AM and IG

Installation Guide › Enabling CORS Support

Apache Tomcat - CORS Filter

Jetty - Cross Origin Filter

Related Training

N/A

Related Issue Tracker IDs

OPENIG-467 (Support for Cross Origin Resource Sharing (CORS))



Copyright © 2020 ForgeRock, all rights reserved.