CORS support

Configure CORS support

The Token Server offers CORS support to integrate Token Server processes with existing systems.

In order to configure CORS, go to the Configuration section of the administration console, then System and click the CORS support tab.

The picture below shows the CORS support view in Admin Console with example configuration.

CORS support

Enable CORS support

In order to be able to use CORS support feature you need to enable it by checking CORS enabled.

Specify allowed origins

In order to allow certain domains access Token Server application you need to fill the Allowed origin(s) field.

Origin - The unique combination of a scheme and domain (or hostname and port) combined as scheme://domain (or scheme://hostname:port)

You can specify one or more origins, each separated with a comma.

Note: If you leave this field empty, while CORS support is enabled, all origins will be allowed to access Token Server (not recommended due to security reasons)

Specify paths which be accessible from external origins

In order to make certain Token Server endpoints accessible by (configured) external origins, you need to fill the Accessible path(s).

You can specify one or more origins, each separated with a comma. Exact path mapping URIs (such as /revoke) are supported as well as Ant-style path patterns (such as /api/**).

Note: If you leave this field empty, while CORS support is enabled, all endpoints will be possible to access by (configured) origins.

Disable CORS support

In order to disable CORS support feature you need to uncheck CORS enabled.

Apply the CORS configuration

After saving CORS support configuration you need to restart Token Server Engine Application. Without this step saved configuration won't be applied.