Headless Identity Implementation Guide
j
No Results
Search Tips:
- Please consider misspellings
- Try different search keywords
Set Up Cross-Origin Resource Sharing (CORS)
In production, to use Headless Identity features in a web app, you must enable
Cross-Origin Resource Sharing (CORS) so that your app can communicate with Salesforce. This step
isn’t necessary for the example implementation in this guide, so you can skip it for now. But if
you want to learn how to set up CORS, here’s how it’s done.
| Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience |
| Available in: Enterprise, Unlimited, and Developer Editions |
| User Permissions Needed | |
|---|---|
| To create, read, update, and delete: | Modify All Data |
In production, you set up CORS using the domain of your off-platform app. For this example implementation, if you don’t have a test app in mind, you can create one using Heroku—you can try a basic account for free. Later in this guide, you can use the same app when you implement reCAPTCHA.
- From Setup, in the Quick Find box, enter CORS, and then select CORS.
- For Allowed Origins List, click New.
- Enter a URL pattern that can identify your web app. For example, if your app is hosted on myapp.com, you enter https://www.myapp.com.
-
Save your changes.
Your web app can now request resources from Salesforce.