Re: How to enable CORS for my apigee api

Report Inappropriate Content · 02-14-2017 11:28 PM

Hi I am trying to add cors for my apigee api and I have followed the steps here http://docs.apigee.com/api-services/content/adding-cors-support-api-proxy

I am getting a 200 OK but there is no data in my response. When i look under the network console, it doesnt hit my targetted url. Hence I changed my route rule to

<Condition>request.verb == "OPTIONS"</Condition>

<TargetEndpoint>default</TargetEndpoint>

</RouteRule>

But i got a 403 error.

Report Inappropriate Content

Conditions in Route Rules should use only a single =, not a double =. So the correct syntax is <Condition>request.verb = "OPTIONS"</Condition>

pinedajam

I have a question same as this one. When I try to call my API using swagger, I get a 200 OPTIONS call in Apigee trace. but after that, I don't get any api call anymore.

Report Inappropriate Content

Remove the headers and then explicitly add the headers .This worked for me.

<AssignMessage async="false" continueOnError="false" enabled="true" name="add-cors"> <DisplayName>add-cors</DisplayName> <FaultRules/> <Properties/> <Remove> <Headers> <Header name="Access-Control-Allow-Origin"/> <Header name="Access-Control-Allow-Headers"/> <Header name="Access-Control-Max-Age"/> <Header name="Access-Control-Allow-Methods"/> <Header name="Access-Control-Allow-Credentials"/> </Headers> </Remove> <Add> <Headers> <Header name="Access-Control-Allow-Origin">*</Header> <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept,Authorization</Header> <Header name="Access-Control-Max-Age">3628800</Header> <Header name="Access-Control-Allow-Methods">GET</Header> <Header name="Access-Control-Allow-Credentials">true</Header> </Headers> </Add> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> <AssignTo createNew="false" transport="http" type="response"/> </AssignMessage>

jovaniac

hey guys, I implemented something like that and it served me correctly.

In the proxy enpoint we must place in the preflow the next call of a Flowcallout to invoke a sharedflow which will have the policy of CORS

<PreFlow name="PreFlow">
<Request>
<Step>
<Name>FC-CORS</Name>
</Step>
<Step>
<Name>FC-OAuth2</Name>
</Step>
</Request>
<Response/>
</PreFlow>

Definition of flowcallout, where we invoke the sharedflow

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FlowCallout async="false" continueOnError="false" enabled="true" name="FC-CORS">
<DisplayName>FC-CORS</DisplayName>
<FaultRules/>
<Properties/>
<SharedFlowBundle>OPTIONS-CORS-Headers-Response</SharedFlowBundle>
</FlowCallout>

definition of sharedflow

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SharedFlow name="default">
<Step>
<Name>OPTIONS-CORS-Headers-Response</Name>
<Condition>request.verb == "OPTIONS"</Condition>
</Step>
</SharedFlow>

definition of the policy of raisefull, where we will indicate the headers of Access-Control-Allow-Origin with * that will allow the invocation from our browser

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RaiseFault async="false" continueOnError="false" enabled="true" name="OPTIONS-CORS-Headers-Response">
<DisplayName>OPTIONS CORS Headers Response</DisplayName>
<Properties/>
<FaultResponse>
<Set>
<Headers>
<Header name="Access-Control-Allow-Origin">*</Header>
<Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept, ucsb-api-key, ucsb-api-version, authorization</Header>
<Header name="Access-Control-Max-Age">3628800</Header>
<Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
</Headers>
<Payload contentType="text/plain"/>
<StatusCode>200</StatusCode>
<ReasonPhrase>OK</ReasonPhrase>
</Set>
</FaultResponse>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>

Regars

vincdprime

Definition of sharedFlow and flowCallout will go in proxyendpoint as well right? @Jovani Arzate

Report Inappropriate Content

cors can be enabled either in proxy endpoint or target endpoint. But this should be in the response side.