Manage Cross Origin Resource Sharing (CORS)
The Cross Origin Resource Sharing (CORS) feature prevents a Web page from making a request initiated from another origin. When enabled, other origins can make API calls to your account. By default, CORS is enabled for new IDaaS accounts.
CORS can be enabled without adding any additional allowed CORS origins. Follow these steps if you want to add CORS origins.
Add CORS origins
-
Click > Configuration > Cross Origin Resource Sharing. The Cross Origin Resource Sharing page appears.
-
Click Add. Enter the allowed origin. Origins have the following options and limitations:
- The origin must be in the following format:
<http | https> "://" <hostname> [ ":" <port> ] - Origins must begin with HTTP or HTTPS
- You can use the localhost for development purposes; however, Entrust does not recommend using it for production environments.
- HTTP is the only supported protocol for localhost.
Limitations:
- The hostname value cannot include a wildcard (for example,
https://*mydomain.com) - The port supports the
*wildcard (for example,https://www.test.com:*). - If a port value is not provided, the default posts are used: port 80 for HTTP and port 443 for HTTPS.
- The origin must be in the following format:
-
Repeat step 2 to add more allowed origins.
When you register redirect URIs for OIDC or OAuth applications, their origins are automatically added to the OIDC and OAuth Endpoints CORS allowlists.
If the OIDC application also has the JWT IDaaS grant type enabled, those redirect URI origins are automatically added to the Authentication API CORS allowlist as well.