Thursday, November 14, 2019

IdentityServer 4 - CORS

If an endpoint is called via Ajax calls from JavaScript-based clients, CORS configuration is required.

This can be done by setting the AllowedCorsOrigins collection on the client configuration. IdentityServer will consult these values to allow cross-origin calls from the origins.

Remark: Be sure to use an origin (not a URL) when configuring CORS. For example: https://foo:123/ is a URL, whereas https://foo:123 is an origin.