CORS support¶
Configure CORS support¶
The Token Server offers Cross-Origin Resource Sharing (CORS) support to integrate Token Server processes with existing systems.
In order to configure CORS, go to the Configuration section of the administration console, then System and click the CORS support tab.
The picture below shows the CORS support view in Admin Console with example configuration.
Enable CORS support¶
In order to be able to use CORS support feature you need to enable it by checking CORS enabled.
Specify allowed origins¶
In order to allow certain domains access Token Server application you need to fill the Allowed origin(s) field.
Origin - The unique combination of a scheme and domain (or hostname and port) combined as scheme://domain (or scheme://hostname:port)
You can specify one or more origins, each separated with a comma.
Note: If you leave this field empty, while CORS support is enabled, all origins will be allowed to access Token Server (not recommended due to security reasons)
Specify paths which be accessible from external origins¶
In order to make certain Token Server endpoints accessible by (configured) external origins, you need to fill the Accessible path(s).
You can specify one or more origins, each separated with a comma. Exact path mapping URIs (such as /revoke) are supported as well as Ant-style path patterns (
such as /api/**).
Note: If you leave this field empty, while CORS support is enabled, all endpoints will be possible to access by (configured) origins.
Disable CORS support¶
In order to disable CORS support feature you need to uncheck CORS enabled.
Apply the CORS configuration¶
After saving CORS support configuration you need to restart Token Server Engine Application. Without this step saved configuration won't be applied.