Configure CORS
Cross-origin resource sharing (CORS) lets user agents make cross-domain server requests. In PingOne Advanced Identity Cloud, you can configure CORS to allow browsers from trusted domains to access PingOne Advanced Identity Cloud protected resources. For example, you might want a custom web application running on your own domain to get an end-user’s profile information using the PingOne Advanced Identity Cloud REST API.
By default, CORS is configured to let the Ping SDKs access PingOne Advanced Identity Cloud. The SDK samples and tutorials all use https://localhost:8443
as the host domain, which you should add to your CORS configuration.
If you are using a different domain for hosting SDK applications, ensure you add them to the CORS configuration as accepted origin domains.
To update the CORS configuration in PingOne Advanced Identity Cloud, follow these steps:
-
Log in to your PingOne Advanced Identity Cloud tenant.
-
At the top right of the screen, click your name, and then select Tenant settings.
-
On the Global Settings tab, click Cross-Origin Resource Sharing (CORS).
-
Perform one of the following actions:
-
If available, click ForgeRockSDK.
-
If you haven’t added any CORS configurations to the tenant, click Add a CORS Configuration, select Ping SDK, and then click Next.
-
-
Add
https://localhost:8443
and any DNS aliases you use to host your Ping SDK for JavaScript applications to the Accepted Origins property. -
Complete the remaining fields to suit your environment.
This documentation assumes the following configuration, required for the tutorials and sample applications:
Property Values Allowed Origin
https://localhost:8443
org.forgerock.demo://oauth2redirect
Accepted Origins
https://localhost:8443
Accepted Methods
GET
POST
Accepted Headers
accept-api-version
x-requested-with
content-type
authorization
if-match
x-requested-platform
iPlanetDirectoryPro
Exposed Headers
authorization
content-type
Enable Caching
True
Max Age
600
Allow Credentials
True
Click Show advanced settings to be able to edit all available fields.
-
Click Save CORS Configuration.