From: Krzysztof B. <kb...@un...> - 2021-11-03 09:42:27
Hi Sander,

On 03.11.2021 at 09:48, Sander Apweiler wrote:
> Good morning Krzysztof,
> we have an SP which operates a single page application (SPA) and want
> to use PKCE. The browser expects HTTP header
> "access-control-allow-origin" to CORS requests, but it seems that
> unity does not send them:

Yes, PKCS is supported, but CORS needs to be properly configured separately (it may be also needed in other than PKCE scenarios). See http://www.unity-idm.eu/documentation/unity-3.6.0/manual.html#_http_server_settings (section on "CORS settings"). For sure you have to enable it, likely set origins properly and maybe more, depending on security requirements.

HTH,
Krzysztof