How To

How do I configure a CORS filter in IG 5.x and 6.x?

Last updated Aug 10, 2020

The purpose of this article is to provide assistance on configuring a Cross-origin resource sharing (CORS) filter in IG.


IG 7 introduces a CorsFilter, which is available to configure policies for CORS to allow requests to be made across domains from user agents. See Configuration Reference › CorsFilter for further information.

In earlier versions, you must configure CORS in the web application container. See the following section, Configuring a CORS filter (pre-IG 7) for further information.

Configuring a CORS filter (pre-IG 7)

In pre-IG 7, you can configure a CORS filter using any of the web container-level instructions as follows: 

For example, a CORS filter in Tomcat would look similar to this: 


If you need IG to add the appropriate headers to CORS requests, you can use a CORS filter as described here: Gateway Guide › Setting Up IG As an UMA Resource Server. The CORS filter handles pre-flight (HTTP OPTIONS) requests and responses for all HTTP operations, and adds the appropriate headers to CORS requests.

See Also

How do I troubleshoot issues with the CORS filter in AM/OpenAM (All versions)?

SameSite cookie support in AM and IG

Installation Guide › Enabling CORS Support

Apache Tomcat - CORS Filter

Jetty - Cross Origin Filter

Related Training


Related Issue Tracker IDs

OPENIG-467 (Support for Cross Origin Resource Sharing (CORS))

Copyright and TrademarksCopyright © 2020 ForgeRock, all rights reserved.