docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon ory

docs: when is CORS needed for Hydra

Open vinckr opened this issue 2 years ago • 0 comments

https://www.ory.sh/docs/hydra/guides/cors

  • Revamp phrasing of the document
  • Add explanation to the CORS guide

When to set up CORS for Ory Hydra

CORS only applies to HTTP requests the browser makes to another origin. For example the browser is on http://localhost:3000 but makes a fetch request to http://example.com. In this case example.com needs to allow localhost:3000 to make the request. With browser redirects this is not needed. The /oauth2/auth endpoint redirects to Ory Hydra, which redirects you to your application login page. More a more detailed explanation on OAuth 2.0 flows visit the OAuth2.0 concept documentation.

Alternative:

This could also be covered in a general document on CORS since it is probably a similar issue for Kratos.

https://www.moesif.com/blog/technical/cors/Authoritative-Guide-to-CORS-Cross-Origin-Resource-Sharing-for-REST-APIs/ https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

vinckr avatar Mar 01 '22 13:03 vinckr