How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I configure a CORS filter in IG 6.x?

Last updated Jan 11, 2023

The purpose of this article is to provide assistance on configuring a Cross-origin resource sharing (CORS) filter in IG.


IG 7 introduces a CorsFilter, which is available to configure policies for CORS to allow requests to be made across domains from user agents. See CorsFilter for further information.

In earlier versions, you must configure CORS in the web application container. See the Configuring a CORS filter section for further information.

Configuring a CORS filter

You can configure a CORS filter using any of the web container-level instructions as follows:

For example, a CORS filter in Tomcat would look similar to this:

<filter>    <filter-name>CorsFilter</filter-name>     <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>     <init-param>         <param-name></param-name>         <param-value>*</param-value>     </init-param>     <init-param>         <param-name>cors.allowed.methods</param-name>         <param-value>GET,POST,PUT,DELETE,PATCH,OPTIONS,HEAD</param-value>     </init-param>     <init-param>         <param-name>cors.allowed.headers</param-name>         <param-value>Authorization,Content-Type,X-Requested-With,Accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-OpenAM-Username,X-OpenAM-Password,iPlanetDirectoryPro,Accept-API-Version,If-Match,If-None-Match,Accept-Encoding,Accept-Language,Cache-Control,Connection</param-value>     </init-param>     <init-param>         <param-name></param-name>         <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>     </init-param>     <init-param>         <param-name></param-name>         <param-value>true</param-value>     </init-param> </filter> <filter-mapping>     <filter-name>CorsFilter</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping>

If you need IG to add the appropriate headers to CORS requests, you can use a CORS filter as described here: Setting Up IG As an UMA Resource Server. The CORS filter handles pre-flight (HTTP OPTIONS) requests and responses for all HTTP operations, and adds the appropriate headers to CORS requests.

See Also

How do I troubleshoot issues with CORS in AM (All versions)?

SameSite cookie support in AM and IG

Enabling CORS Support

Apache Tomcat - CORS Filter

Jetty - Cross Origin Filter

Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.