Configuring Cloud Gate CORS Settings in Oracle Identity Cloud Service

Cloud Gate requires you to configure the following settings in Oracle Identity Cloud Service for Cross-Origin Resource Sharing (CORS) support.

Before you start configuration, ensure that you have the correct version of the Cloud Gate. Earlier versions of the Cloud Gate module didn't provide support for CORS. It was left to Protected Applications to support CORS. If the isCorsAllowed setting in the Web Tier Policy document was configured to true, Cloud Gate would allow preflight CORS Requests through to Protected Applications.

Note:

The minimum Cloud Gate version required is 21.1.2.

Use the /admin/v1/Settings/Settings endpoint to configure the CORS settings. The request is a patch operation. See Update a Setting for more information.

1. Use this sample payload as a template to build the request body. Save the payload to a file, for example, /tmp/cors-settings.json. Edit the file with your deployment details.
   Sample payload.

   {
       "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
       "Operations": [{
           "op": "replace",
           "path": "cloudGateCorsSettings",
           "value": {
               "cloudGateCorsEnabled": true,
               "cloudGateCorsAllowNullOrigin": true,
               "cloudGateCorsAllowedOrigins": [ "https://app.my-server.com:8080", "https://*:*" ],
               "cloudGateCorsMaxAge: 60,
               "cloudGateCorsExposedHeaders": [ "x-custom-header", "x-my-app-header" ]
           }
       }]
   }

   Sample cURL request.

   # $AT is a previously generated Admin Access Token.
   # IDCS URL is an example URL 
   $ curl --insecure --noproxy '*' -X PATCH -H "Content-Type: application/scim+json" -H "Accept: application/json" -H "Authorization: Bearer $AT" "https://identity.oraclecloud.com/admin/v1/Settings/Settings" --data @"/tmp/cors-settings.json"

2. Perform one of the following to enable CORS support.
   • Manually restart or reload the NGINX server.
   • Wait until the Cloud Gate CORS settings cache expires. This can take up approximately 15 minutes, by default.
3. Issue the following commands to confirm that CORS support is enabled.
   • Access-Control-Allow-Origin
   • Access-Control-Allow-Methods
   • Access-Control-Allow-Headers
   • Access-Control-Allow-Credentials
   • Access-Control-Max-Age
   • Access-Control-Expose-Headers