How to configure CORS for dynamically generated subdomains?

Loading

Skip to Navigation Skip to Main Content

Search

Search

Select Language

0D54z00008mNZ6kCAGOkta Classic EngineAPI Access ManagementAnswered2025-09-13T09:01:51.000Z2023-02-17T20:17:59.000Z2023-02-20T16:56:21.000Z

gmnev (gmnev) asked a question.

February 17, 2023 at 8:17 PM

How to configure CORS for dynamically generated subdomains?

Our engineering team previews features on a development domain where each feature uses a unique subdomain, e.g. feature-a.example.com, feature-b.example.com, feature-c.example.com, and so-on. These subdomains are automatically provisioned through our IaaS provider. How can we configure CORS to handle the dynamic nature of these subdomains without manually updating the Trusted Origins in API > Security settings?

Top Rated Answers

Mihai N. (Okta, Inc.)
3 years ago
Hi @gmnev (gmnev) , Thank you for reaching out to the Okta Community!

Okta CORS does not support dynamic/wildcards configuration.
However, there is API support. Perhaps your team can leverage that make things a bit easier.
https://developer.okta.com/docs/reference/api/trusted-origins/#create-trusted-origin

If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

Hope my answer helps!
--------------------------------
Community members help others by clicking Like or Select as Best on responses. Try it today.
Expand Post
Selected as Best

All Answers

Mihai N. (Okta, Inc.)
3 years ago
Hi @gmnev (gmnev) , Thank you for reaching out to the Okta Community!

Okta CORS does not support dynamic/wildcards configuration.
However, there is API support. Perhaps your team can leverage that make things a bit easier.
https://developer.okta.com/docs/reference/api/trusted-origins/#create-trusted-origin

If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

Hope my answer helps!
--------------------------------
Community members help others by clicking Like or Select as Best on responses. Try it today.
Expand Post
Selected as Best
a0n5s (a0n5s)
3 years ago
@Mihai N. (Okta, Inc.) Are you aware why Okta doesn't include dynamic generation or expression capabilities for Okta CORS? Is it because of security concerns? It's quite inconvenient to have to add CORS every time. Some of my clients have encountered similar issues.
Expand Post
- Mihai N. (Okta, Inc.)
  3 years ago
  Hi @a0n5s (a0n5s) , There's no information regarding it at this time.
  I would suspect it is for security reasons, but the best way for now would be to submit a Feature Request for it if there is demand.
  Expand Post

This question is closed.

Recommended content

Forum

How to configure a subdomain on your DNS provider for custom Okta emails

Forum

CORS configuration for the given okta domains

Forum

How to get the original email entered when using identity provider?

Forum

Dynamically generating a unique login value on create user API

Loading

How to configure CORS for dynamically generated subdomains?