CORS support
Configure CORS support
The Token Server offers CORS support to integrate Token Server processes with existing systems.
In order to configure CORS, go to the Configuration section of the administration console, then System, and click the CORS support tab.
The picture below shows the CORS support view in the Admin Console with an example configuration.
Enable CORS support
To use the CORS support feature, you need to enable it by checking CORS enabled.
Specify allowed origins
To allow certain domains to access the Token Server application, you need to fill in the Allowed origin(s) field.
Origin - The unique combination of a scheme and domain (or hostname and port), written as scheme://domain (or scheme://hostname:port).
You can specify one or more origins, each separated with a comma.
Note: If you leave this field empty while CORS support is enabled, all origins will be allowed to access Token Server (not recommended for security reasons).
Specify paths which will be accessible from external origins
To make certain Token Server endpoints accessible to the (configured) external origins, you need to fill in the Accessible path(s) field.
You can specify one or more paths, each separated with a comma. Exact path mapping URIs (such as /revoke) are supported, as well as Ant-style path patterns (such as /api/**).
Note: If you leave this field empty while CORS support is enabled, all endpoints will be accessible to the (configured) origins.
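As an added example (not part of the Token Server documentation or product code), the following Python sketch audits values intended for the Allowed origin(s) and Accessible path(s) fields and models the empty-field behaviour described in the two notes above. The Ant-style matching is a simplified approximation, exact origin comparison is an assumption, and the sample values are constructed.

```python
import re
from urllib.parse import urlsplit

def split_field(value):
    """Split a comma-separated console field into trimmed, non-empty entries."""
    return [v.strip() for v in value.split(",") if v.strip()]

def ant_to_regex(pattern):
    """Simplified Ant-style matcher: '**' spans segments, '*' and '?' do not."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out.append("(?:/.*)?"); i += 3
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def audit(origins_field, paths_field):
    """Return warnings for values that widen access more than intended."""
    warnings = []
    origins, paths = split_field(origins_field), split_field(paths_field)
    if not origins:
        warnings.append("Allowed origin(s) is empty: all origins are allowed")
    if not paths:
        warnings.append("Accessible path(s) is empty: all endpoints are accessible")
    for o in origins:
        u = urlsplit(o)
        if not (u.scheme and u.hostname) or u.path or u.query or u.fragment:
            warnings.append(f"not a scheme://hostname[:port] origin: {o}")
    return warnings

def is_allowed(origin, path, origins_field, paths_field):
    """Model the documented rules; exact origin comparison is an assumption."""
    origins, paths = split_field(origins_field), split_field(paths_field)
    origin_ok = not origins or origin.lower() in (o.lower() for o in origins)
    path_ok = not paths or any(ant_to_regex(p).match(path) for p in paths)
    return origin_ok and path_ok

# Constructed sample values, not taken from a real deployment.
ORIGINS = "https://portal.example.com, https://app.example.com:8443"
PATHS = "/revoke, /api/**"
```

Running audit() on the values before saving them in the console shows whether an empty or malformed field would open more than intended.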
Disable CORS support
To disable the CORS support feature, you need to uncheck CORS enabled.
Apply the CORS configuration
After saving the CORS support configuration, you need to restart the Token Server Engine Application. Without this step, the saved configuration won't be applied.