CORS Reference

Cross-Origin Resource Sharing (CORS) Configuration

Cross-Origin Resources Sharing (CORS) provide a mechanism to control permission to resources on a server on a different domain or origin than the originating request.

Practically this means that in order to make HTTP requests in JavaScript to FusionAuth when the request is coming from a different domain CORS needs to be configured to allow the request.

The following URLs or URL patterns are allowed through the CORS filter.

/api/*
/oauth2/introspect
/oauth2/token
/oauth2/userinfo
/.well-known/openid-configuration

If you need further assistance, or require additional endpoints allowed through the CORS filter, ask a question on Stack Overflow or open an issue on Github if you have additional questions. If you have a support contract you may send a request to support@fusionauth.io.