CORS support
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. In OneWelcome Identity Platform you can configure CORS.
To configure CORS, on the administration console, go to the Configuration section, then System, and click the CORS support tab.
The image below shows the CORS support view on the admin console with an example configuration.
Enable CORS support
Enable CORS support by checking the CORS enabled check box.
Specify allowed origins
To allow certain domains to access the OneWelcome Identity Platform, you need to fill the Allowed origin(s) field.
-
Origin: The unique combination of a scheme and domain (or hostname and port) combined as
scheme://hostname(orscheme://hostname:port).You can specify one or more origins, each separated with a comma.
If you leave this field empty, while CORS support is enabled, all origins are allowed to access the OneWelcome Identity Platform endpoints. This is not recommended for security reasons.
Specify paths
To make certain OneWelcome Identity Platform endpoints accessible by (configured) external origins, fill the Accessible path(s).
You can specify one or more origins, each separated with a comma. Exact path mapping URIs (such as /revoke) are supported, as well as Ant-style path patterns (such as /api/**).
If you leave this field empty, while CORS support is enabled, all endpoints can be accessed by (configured) origins.
Disable CORS support
To disable CORS support, clear the CORS enabled check box.
