Not getting the default fault rules error message while testing the API in the Developer portal

Hello Team, 

While testing the API in the Developer portal, I am not getting the default fault rules error message. I am getting the response "An unknown error occurred while making the request. Please verify your connection and try again. If you continue to experience issues please contact support", but when I try with the Assign Message policy, the related error message is given.

We are getting errors like the one below when I use RaiseFault:

Access to XMLHttpRequest at 'https://apigwu.icicipruamc.com/v1/api/dp_foliocreation' from origin 'https://devu.icicipruamc.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Please find the add-cors code below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="add-cors">
    <DisplayName>add-cors</DisplayName>
    <FaultRules/>
    <Properties/>
    <Set>
        <Headers>
            <Header name="Access-Control-Allow-Origin">*</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept, content-type, Authorization, XMLHttpRequest, www-Authenticate, ConsumerKey, ClientID</Header>
            <Header name="Access-Control-Max-Age">600</Header>
            <Header name="Access-Control-Allow-Methods">GET, POST</Header>
            <Header name="Access-Control-Allow-Credentials">true</Header>
            <Header name="Cache-Control">no-cache</Header>
            <Header name="Strict-Transport-Security">max-age=31536000; includeSubDomains; preload</Header>
        </Headers>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <!-- Apply the headers to the existing response message -->
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

Please find below the screenshot of the default rules configuration:

[Screenshot: priya_Edupalli_0-1637677966490.png]

Kindly help on this,

Thank You,

 

1 REPLY

Hello Priya,

You're on the right path: you need to set CORS values on error responses. Perhaps you are missing one of the error conditions and not executing your CORS policy, or perhaps you are not setting Headers correctly.

You can add a DefaultFaultRule to always execute after your FaultRules and put the "add-cors" policy there; that would ensure you're executing your policy.

For example:

<ProxyEndpoint name="default">
    <DefaultFaultRule name="DefaultFaultRule">
        <Step>
            <Name>AM-CORS</Name>
        </Step>
        <AlwaysEnforce>true</AlwaysEnforce>
    </DefaultFaultRule>
    <FaultRules>
...

You can also set the headers to "*" to avoid missing any headers that you explicitly set. Not a great security solution, but it may help to debug your situation.

For example:

<AssignMessage name="AM-CORS">
    <DisplayName>AM-CORS</DisplayName>
    <Set>
        <Headers>
            <Header name="Access-Control-Allow-Origin">*</Header>
            <Header name="Access-Control-Allow-Headers">*</Header>
            <!-- Use a larger value in seconds for prod, using 60 allows for testing  -->
            <Header name="Access-Control-Max-Age">60</Header>
            <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
            <!-- Set a header to prove this executed -->
            <Header name="X-CORS">true</Header>
        </Headers>
    </Set>
</AssignMessage>

Hope that helps.

BTW, if you're using Apigee X, there's a new CORS policy that makes this super easy!
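
Added example, not part of the original thread and not Apigee or portal code: a JavaScript rendering of the browser's CORS check from the Fetch standard, run over constructed response headers to show why a fault response without CORS headers surfaces only as a generic error, and how the question's `*` origin interacts with `Access-Control-Allow-Credentials: true`. The origin `https://portal.example`, the sample header sets and the "echoed origin" variant are assumptions; the thread does not say whether the portal sends credentials, so both modes are shown.

```javascript
// Added example: the Fetch-standard "CORS check" a browser applies to a response.
// All sample origins and header sets below are constructed for illustration.
function corsCheck(requestOrigin, credentialsMode, responseHeaders) {
  // Header names are case-insensitive, so normalise them first.
  const h = new Map(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), String(v).trim()])
  );
  const allowOrigin = h.get("access-control-allow-origin");
  if (allowOrigin === undefined) {
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  const withCredentials = credentialsMode === "include";
  if (!withCredentials && allowOrigin === "*") {
    return { allowed: true, reason: "wildcard accepted for non-credentialed request" };
  }
  if (allowOrigin !== requestOrigin) {
    return { allowed: false, reason: withCredentials && allowOrigin === "*"
      ? "wildcard origin is not accepted when credentials are sent"
      : "Access-Control-Allow-Origin does not match the request origin" };
  }
  if (!withCredentials) {
    return { allowed: true, reason: "origin matches" };
  }
  // Credentialed requests also need Access-Control-Allow-Credentials: true (case-sensitive).
  return h.get("access-control-allow-credentials") === "true"
    ? { allowed: true, reason: "origin matches and credentials are allowed" }
    : { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
}

const ORIGIN = "https://portal.example"; // constructed origin (assumption)

// Fault response produced before any CORS policy ran (constructed).
const faultWithoutCors = { "Content-Type": "application/json" };
// The two CORS-check-relevant headers as set by the add-cors policy in the question.
const addCors = { "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Credentials": "true" };
// Same policy with the origin echoed instead of "*" (assumed variant, not from the thread).
const echoedOrigin = { "Access-Control-Allow-Origin": ORIGIN, "Access-Control-Allow-Credentials": "true", "Vary": "Origin" };

function runSamples() {
  return {
    fault: corsCheck(ORIGIN, "same-origin", faultWithoutCors),
    wildcardPlain: corsCheck(ORIGIN, "same-origin", addCors),
    wildcardCreds: corsCheck(ORIGIN, "include", addCors),
    echoedCreds: corsCheck(ORIGIN, "include", echoedOrigin),
  };
}
console.log(runSamples());
```

The `X-CORS` marker header from the reply's AM-CORS policy is the quickest way to confirm on a real fault response that the policy ran at all before checking the individual header values.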