This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

CORS Error Preflight Missing Allow Origin from redirect

Posted on 10-06-2022 01:39 AM
ksleanoacc
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hello all,

To give some context I have a ReactJS application that calls an Apigee proxy which redirects to an Oracle Access Manager login page. The login page then redirects back to the application. I am getting a CORS error whenever I am trying to call the proxy endpoint using Axios. 

apigee_console_1.jpg

apigee_network_2.jpg

Here is my redirect flow. I have read that I should be placing the CORS configuration in the Response and have the headers to "SET". AM-AssignCORS and AM-PreflowAssignCORS share the same XML

ksleanoacc_0-1665045303109.png

apigee_cors_3.jpgapigee_cors_4.jpg

I am sure that I have placed the allow origin headers in the right place but I have been stuck with this problem for weeks now and I would really appreciate it if i could have a fresh perspective on what I may be doing wrong. I have probably watched all of Dino Chiesa's videos by now. 

Thank you and I appreciate your time.

0 1 1,667
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Giupo
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hello,

 I noticed you use "set", i think you should use "add".

Anyway, yuo can use the CORS policy, for me it works, but it has a bug in the header AllowCredentials. (ref. link)

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CORS continueOnError="false" enabled="true" name="CORS">
    <DisplayName>CORS</DisplayName>
    <AllowOrigins>{request.header.origin}</AllowOrigins>
    <AllowMethods>POST</AllowMethods>
    <AllowCredentials>true</AllowCredentials>
    <AllowHeaders>origin, x-requested-with, accept, content-type, authorization</AllowHeaders>
    <ExposeHeaders>content-length,accept-ranges,content-encoding,content-range</ExposeHeaders>
    <MaxAge>-1</MaxAge>
    <GeneratePreflightResponse>true</GeneratePreflightResponse>
</CORS>

 

 So to fix you have to add it manually:

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="AM_Set-Allow-Credential">
    <Properties/>
    <Add>
        <Headers>
            <Header name="Access-Control-Allow-Credentials">true</Header>
        </Headers>
    </Add>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

 

 

 

 

0 Likes
Top Solution Authors
View all