Ping SDKs

Configure CORS

Applies to:

  • Ping SDK for Android

  • Ping SDK for iOS

  • Ping SDK for JavaScript

Cross-origin resource sharing (CORS) lets user agents make cross-domain server requests. In PingOne Advanced Identity Cloud, you can configure CORS to allow browsers from trusted domains to access PingOne Advanced Identity Cloud protected resources. For example, you might want a custom web application running on your own domain to get an end-user’s profile information using the PingOne Advanced Identity Cloud REST API.

By default, CORS is configured to let the Ping SDKs access PingOne Advanced Identity Cloud. The SDK samples and tutorials all use https://localhost:8443 as the host domain, which you should add to your CORS configuration.

If you are using a different domain for hosting SDK applications, ensure you add them to the CORS configuration as accepted origin domains.

To update the CORS configuration in PingOne Advanced Identity Cloud, follow these steps:

  1. Log in to your PingOne Advanced Identity Cloud tenant.

  2. At the top right of the screen, click your name, and then select Tenant settings.

  3. On the Global Settings tab, click Cross-Origin Resource Sharing (CORS).

  4. Perform one of the following actions:

    • If available, click ForgeRockSDK.

    • If you haven’t added any CORS configurations to the tenant, click Add a CORS Configuration, select Ping SDK, and then click Next.

  5. Add https://localhost:8443 and any DNS aliases you use to host your Ping SDK for JavaScript applications to the Accepted Origins property.

  6. Complete the remaining fields to suit your environment.

    This documentation assumes the following configuration, required for the tutorials and sample applications:

    Property Values

    Allowed Origin

    https://localhost:8443

    org.forgerock.demo://oauth2redirect

    Accepted Origins

    https://localhost:8443

    Accepted Methods

    GET

    POST

    Accepted Headers

    accept-api-version

    x-requested-with

    content-type

    authorization

    if-match

    x-requested-platform

    iPlanetDirectoryPro

    Exposed Headers

    authorization

    content-type

    Enable Caching

    True

    Max Age

    600

    Allow Credentials

    True

    Click Show advanced settings to be able to edit all available fields.

  7. Click Save CORS Configuration.