![]() ![]() You can enable CORS for websites that need cross-origin requests to the Okta API. Note: IE8 and IE9 don't support authenticated requests and can't use the Okta session cookie with CORS. You can review which browsers support CORS on /cors (opens new window) ![]() APIs that support CORS are marked with the following icon CORS. If you're building an application that needs CORS, check that the specific operation supports CORS for your use case. The Okta API supports CORS on an API by API basis. See Scopes and supported endpoints.Ĭaution: You should only grant access to specific origins (websites) that you control and trust to access the Okta API. If you are using OAuth 2.0 tokens to make calls to Okta APIs, you don't need to add a Trusted Origin because OAuth for Okta APIs don't rely on cookies. Every website origin must be explicitly permitted as a Trusted Origin. ![]() In Okta, CORS allows JavaScript hosted on your websites to make a request using XMLHttpRequest to the Okta API with the Okta session cookie. CORS defines a standardized (opens new window) way in which the browser and the server can interact to determine whether or not to allow the cross-origin request. Such cross-domain requests would otherwise be forbidden by web browsers as indicated by the same origin security policy (opens new window).
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |