I am using current GCP apigee X.
I have OAuth V2 token checking on the proxy, and I configured the proxy policy as:
Always got followng error: CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Any idea?
A PreFlow is a special type of flow that will always execute first. Either use the condition against the policy or create a new conditional flow rather than trying to make the PreFlow conditional.
Thanks for your reply. Following your suggestion, I made following change but still got cors error: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Looks like the OptionsPreFlight flow is either not effective or overwritten by next flow. The cors headers are not added on the response.
I am coming late to this conversation, but ... I think you are not using the CORS policy correctly.
If you are using the CORS policy, you don't need Conditions checking for OPTIONS and so on. You don't' need a dedicated flow. Just drop in the CORS policy in the Request Preflow, and configure it. Prior to the CORS policy, you had to use AssignMessage to generate the headers that are required for a CORS response, and that required a bunch of conditions and checks. But that should be gone now, as far as I am ware.
View a screencast overview of the CORS policy and how it works, here.