Hello all,
To give some context I have a ReactJS application that calls an Apigee proxy which redirects to an Oracle Access Manager login page. The login page then redirects back to the application. I am getting a CORS error whenever I am trying to call the proxy endpoint using Axios.
Here is my redirect flow. I have read that I should be placing the CORS configuration in the Response and have the headers to "SET". AM-AssignCORS and AM-PreflowAssignCORS share the same XML
I am sure that I have placed the allow origin headers in the right place but I have been stuck with this problem for weeks now and I would really appreciate it if i could have a fresh perspective on what I may be doing wrong. I have probably watched all of Dino Chiesa's videos by now.
Thank you and I appreciate your time.
Hello,
I noticed you use "set", i think you should use "add".
Anyway, yuo can use the CORS policy, for me it works, but it has a bug in the header AllowCredentials. (ref. link)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CORS continueOnError="false" enabled="true" name="CORS">
<DisplayName>CORS</DisplayName>
<AllowOrigins>{request.header.origin}</AllowOrigins>
<AllowMethods>POST</AllowMethods>
<AllowCredentials>true</AllowCredentials>
<AllowHeaders>origin, x-requested-with, accept, content-type, authorization</AllowHeaders>
<ExposeHeaders>content-length,accept-ranges,content-encoding,content-range</ExposeHeaders>
<MaxAge>-1</MaxAge>
<GeneratePreflightResponse>true</GeneratePreflightResponse>
</CORS>
So to fix you have to add it manually:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="AM_Set-Allow-Credential">
<Properties/>
<Add>
<Headers>
<Header name="Access-Control-Allow-Credentials">true</Header>
</Headers>
</Add>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>