- Configure CORS support
Configure CORS support
The Token Server offers CORS support to integrate Token Server processes with existing systems.
In order to configure CORS, go to the
Configuration section of the administration console, then
CORS support tab.
The picture below shows the
CORS support view in Admin Console with example configuration.
Enable CORS support
In order to be able to use CORS support feature you need to enable it by checking
Specify allowed origins
In order to allow certain domains access Token Server application you need to fill the
Allowed origin(s) field.
Origin - The unique combination of a scheme and domain (or hostname and port) combined as
You can specify one or more origins, each separated with a comma.
Note: If you leave this field empty, while CORS support is enabled, all origins will be allowed to access Token Server (not recommended due to security reasons)
Specify paths which be accessible from external origins
In order to make certain Token Server endpoints accessible by (configured) external origins, you need to fill the
You can specify one or more origins, each separated with a comma. Exact path mapping URIs (such as
/revoke) are supported as well as Ant-style path patterns (such as
Note: If you leave this field empty, while CORS support is enabled, all endpoints will be possible to access by (configured) origins.
Disable CORS support
In order to disable CORS support feature you need to uncheck
Apply the CORS configuration
After saving CORS support configuration you need to restart Token Server Engine Application. Without this step saved configuration won't be applied.