CORS Reference

Cross-Origin Resource Sharing (CORS) Configuration

Cross-Origin Resources Sharing (CORS) provide a mechanism to control permission to resources on a server on a different domain or origin than the originating request.

Practically this means that in order to make HTTP requests in JavaScript to Passport when the request is coming from a different domain CORS needs to be configured to allow the request.

The following URLs or URL patterns are allowed through the CORS filter.

/api/*
/oauth2/introspect
/oauth2/token
/oauth2/userinfo
/.well-known/openid-configuration

Please contact support@inversoft.com if you require access to additional endpoints not currently allowed through the CORS filter.