Cross-Origin Resource Sharing (CORS) Configuration
Cross-Origin Resources Sharing (CORS) provide a mechanism to control permission to resources on a server on a different domain or origin than the originating request.
Practically this means that in order to make HTTP requests in JavaScript to FusionAuth when the request is coming from a different domain CORS needs to be configured to allow the request.
The following URLs or URL patterns are allowed through the CORS filter.
/api/*
/oauth2/introspect
/oauth2/userinfo
/.well-known/openid-configurationIf you need further assistance, or require additional endpoints allowed through the CORS filter, ask a question on Stack Overflow or open an issue on Github if you have additional questions. If you have a support contract you may send a request to support@fusionauth.io.