diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java
new file mode 100644
index 000000000..b509bf975
--- /dev/null
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java
@@ -0,0 +1,42 @@
+/**
+ *
+ */
+package org.mitre.oauth2.web;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.GenericFilterBean;
+
+/**
+ * @author jricher
+ *
+ */
+@Component("corsFilter")
+public class CorsFilter extends GenericFilterBean {
+
+ /* (non-Javadoc)
+ * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
+ */
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain) throws IOException, ServletException {
+ HttpServletRequest request = (HttpServletRequest)req;
+ HttpServletResponse response = (HttpServletResponse)resp;
+
+ response.addHeader("Access-Control-Allow-Origin", "*");
+ if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
+ // CORS "pre-flight" request
+ response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
+ response.addHeader("Access-Control-Allow-Headers", "X-Requested-With,Origin,Content-Type, Accept, Authorization");
+ }
+ filterChain.doFilter(request, response);
+ }
+
+}
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
index 906bd75da..859ed1260 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
@@ -74,31 +74,37 @@
+
+
+
+
+
+
@@ -114,6 +120,7 @@
authentication-manager-ref="clientAuthenticationManager">
+
@@ -124,6 +131,7 @@
authentication-manager-ref="clientAuthenticationManager">
+