Cross-origin resource sharing
Cross-origin resource sharing (CORS) allows web applications served from one domain to access resources on another domain.
You can configure CORS settings for PingOne applications to allow inbound CORS requests from specific, trusted domains on a per-application basis.
Learn more in Editing an application.
Example scenario
Your organization hosts a single-page application at https://shop.mycompany.com. The application has a corresponding application record in PingOne that functions as the OAuth client.
When users sign on to the application on your domain, the browser sends a background request from that domain to a PingOne endpoint on another domain, such as https://auth.pingone.com.
Because the request crosses origins between the two domains, the browser enforces CORS settings. To prevent cross-origin requests from being blocked, you must add https://shop.mycompany.com to the PingOne application’s allowed CORS origin domains list on the Configuration tab.
After the origin is added to the PingOne application, when the browser sends the cross-origin request, PingOne returns the required CORS headers, and the user can successfully sign on. If the origin isn’t added to the PingOne application, the browser blocks the request, and the user’s sign-on attempt fails.
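The allow-list decision described in this scenario, as an added example: it is a generic sketch of how a server can match the request's Origin header against a per-application list, not PingOne's implementation. The function names and the rejected sample origins are constructed for illustration; only https://shop.mycompany.com comes from the scenario above.

```javascript
// Added illustration: generic exact-match CORS allow-list check (assumed logic,
// not PingOne code). Function names here are hypothetical.

// Reduce a value to a serialized http(s) origin (scheme://host[:port]),
// or return null if it is not one (for example "null" or a URL with a path).
function normalizeOrigin(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // A real origin carries no path, query, fragment or credentials.
  if (url.pathname !== "/" || url.search || url.hash || url.username || url.password) {
    return null;
  }
  return url.origin; // host lower-cased, default port dropped
}

// Build the CORS response headers for one request.
function buildCorsHeaders(requestOrigin, allowedOrigins) {
  const allowed = new Set(allowedOrigins.map(normalizeOrigin).filter(Boolean));
  const origin = normalizeOrigin(requestOrigin);
  // Vary: Origin stops caches from replaying one origin's answer to another.
  const headers = { Vary: "Origin" };
  // Exact comparison only: no prefix, suffix or substring matching.
  if (origin !== null && allowed.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
  }
  return headers;
}

// Constructed sample: the application's list holds the single scenario origin.
const ALLOWED = ["https://shop.mycompany.com"];
const samples = [
  "https://shop.mycompany.com",             // listed: header returned
  "http://shop.mycompany.com",              // scheme differs: different origin
  "https://dev.shop.mycompany.com",         // subdomain: different origin
  "https://shop.mycompany.com.example.net", // lookalike host: different origin
  "null",                                   // opaque origin: never matched
];
for (const o of samples) {
  const h = buildCorsHeaders(o, ALLOWED);
  console.log(o, "->", h["Access-Control-Allow-Origin"] || "(no CORS header, browser blocks)");
}
```

Because an origin is the exact combination of scheme, host and port, each scheme, subdomain or port variant that needs access has to be listed as its own entry.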