Tired of copying and pasting your existing CORS policies across API proxies, just to support testing in http://apistudio.io/ or http://swagger.io/?
I created a CORS proxy and used proxy path chaining to front all my other APIs!
I set the proxy basepath to "/cors" and the target path to "/".
Then prefix each call with /cors, by simply changing the basepath in the OpenAPI Spec.
Example:
GET /myproxybasepath/resources GET /cors/myproxybasepath/resources
Here's my proxy configuration, note the location of CORS policies in the PreFlow for all requests.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ProxyEndpoint name="default"> <Description/> <FaultRules/> <PreFlow name="PreFlow"> <Request> <Step> <Condition>(request.verb = "OPTIONS")</Condition> <Name>JS-Extract-CORS-Headers</Name> </Step> <Step> <Condition>(request.verb = "OPTIONS")</Condition> <Name>RF-CORS</Name> </Step> </Request> <Response/> </PreFlow> <Flows/> <HTTPProxyConnection> <BasePath>/cors</BasePath> <VirtualHost>default</VirtualHost> </HTTPProxyConnection> <RouteRule name="default"> <TargetEndpoint>default</TargetEndpoint> </RouteRule> <PostFlow name="PostFlow"> <Request/> <Response> <Step> <FaultRules/> <Name>AM-CORS</Name> </Step> </Response> </PostFlow> </ProxyEndpoint>
Here's my target configuration, note the use of success.codes to be able to see error responses in API studio.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <TargetEndpoint name="default"> <Description/> <Flows/> <PreFlow name="PreFlow"> <Request/> <Response/> </PreFlow> <PostFlow name="PostFlow"> <Request/> <Response/> </PostFlow> <LocalTargetConnection> <Properties> <Property name="success.codes">1xx,2xx,3xx,4xx,5xx</Property> </Properties> <Path>/</Path> </LocalTargetConnection> </TargetEndpoint>
More info on proxy chaining here: http://docs.apigee.com/api-services/content/connecting-proxies-other-proxies.
CORS proxy attached (cors-chaining.zip).