OAuth2 CORS Try it now panel

mblau · 04-26-2022 01:44 PM

Hello all,

I have tried to get the Try it now panel in the integrated portal to function properly and despite my best efforts I am unable to get the policy to apply and function as described in https://cloud.google.com/apigee/docs/api-platform/publish/portal/publish-apis#cors. I have an Oauth2 policy that I have modified accordingly to produce the proper RFC compliant responses. I have followed every step in the article to add a cors policy to an existing proxy and to no avail does the policy seem to be working. I have tried in Chromium and Firefox, both in private mode and not, the result is the same regardless. What am I doing wrong?

dchiesa1

I don't know

Sorry things aren't working smoothly for you.

Show the CORS policy you have attached. Show how you have it attached.

mblau

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CORS continueOnError="false" enabled="true" name="add-cors">
    <DisplayName>Add CORS</DisplayName>
    <AllowOrigins>{request.header.origin}</AllowOrigins>
    <AllowMethods>GET, PUT, POST, DELETE</AllowMethods>
    <AllowHeaders>origin, x-requested-with, accept, content-type, authorization, x-api-key</AllowHeaders>
    <ExposeHeaders>*</ExposeHeaders>
    <MaxAge>3628800</MaxAge>
    <AllowCredentials>false</AllowCredentials>
    <GeneratePreflightResponse>true</GeneratePreflightResponse>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</CORS>

Is the policy that I have attached according to the instructions. It is attached to the pre-flow of my target endpoint.

dchiesa1

ok, please provide some more information. you stated " I am unable to get the policy to apply and function ". What are you specifically observing? It's "not working" but what do you see? What error messages do you see?

Have you successfully deployed the proxy? Have you verified and checked that?

Can you invoke the proxy from curl? or some other command-line tool like Invoke-WebRequest in powershell. (not from a web page) What results do you see? If you can do this, and if your. proxy is correct and properly deployed, then the request should succeed. Have you confirmed that?

If you can see that the proxy is working properly when invoked from a client that does not use CORS, Can you show us a trace session of the case where you try to invoke it from a web app and it does not work?

mblau

What I am observing is that if I pass an authorization token to https://dinochiesa.github.io/cors-demonstrator/ it forwards the request as expected, I am able to curl the proxy endpoint as well, but I get weird html in the try it now panel of the portal and best I can tell it does not hit the proxy at all. I have attached the photo of what I mean.

skare

Does this CORS issue resolved? I am also struggling with this and haven't found any resolutionary stepstill now? If so could you please add detailed resolution steps as I am very new to cloud and very much disappointed due to GCF behaviour?

dchiesa1

I am not clear on what you mean by “very disappointed due to GCF behavior”.

It is possible to use Apigee to send CORS headers in responses, when the upstream endpoint is a google cloud function.

here’s an overview video on the cors policy in Apigee: https://youtu.be/OHbuqW_1fP0

skare

Hi , Thanks a lot for replying.

I have checked your solution and thanks it is worked for unauthentic GCF but for authentic google cloud function I am getting same cors issue. Please share steps if you know for calling authentic GCF by creating APIGEE.