The OAuth server supports CORS. CORS is always enabled for some endpoints whereas others need explicit configuration to enable it.
The following endpoints support CORS without any configuration or setup:
These endpoints also do not require pre-flight checks.
The following endpoints can be configured to support CORS without configuring for a specific client:
To enable CORS on these endpoints, refer to the CORS section of the system admin guide.
Additionally, CORS can be enabled for public clients (clients using no authentication method) for following endpoints:
For these endpoints, the origin of the request needs to be configured in the clients Allowed Origins.