Entrust Identity as a Service™ Administrator Help
Click here to see this page in full context

Report errors or omissions

  1. Home >
  2. Manage Cross Origin Resource Sharing (CORS)

 

Manage Cross Origin Resource Sharing (CORS)

The Cross Origin Resource Sharing (CORS) feature prevents a Web page from making a request initiated from another origin. When enabled, other origins can make API calls to your account. By default, CORS is enabled for new IDaaS accounts.

CORS can be enabled without adding any additional allowed CORS origins. Follow these steps if you want to  to add CORS origins.

Add CORS Origins

Click > Configuration > Cross Origin Resource Sharing. The Cross Origin Resource Sharing page appears.

Select Enable CORS.

Click Add. Enter the allowed origin. Origins have the following options and limitations:

The origin must be in the following format: <http | https> "://" <hostname> [ ":" <port> ]

Origins must begin with HTTP or HTTPS

You can use the localhost for development purposes; however, Entrust does not recommend using it for production environments.

HTTP is the only supported protocol for localhost.

Limitations:

The hostname value cannot include a wildcard  (for example, https://*mydomain.com)

The port supports the *  wildcard (for example, https://www.test.com:*).

If a port value is not provided, the default posts are used: port 80 for  HTTP and port 443 for HTTPS.

Repeat step 3 to add more allowed origins.

Note: When you add CORS values, it automatically adds the CORS Redirect URI to OIDC and OAuth applications. See the Redirect URI setting in Integrate generic OIDC and OAuth application.