Solved: custom plugin for fixing cors

krushna_padhee_ · 10-05-2016 08:17 AM

Hi,

I am facing cors issue in edge-micro when there is any error like invalid apikey or quota violation. so I need to create a custom plugin. but I am confused which function handler (onrequest, onresponse, onerror-request) to use.

because once apikey validation failed, i don't think response related function would work as it is not hitting target. I tried the below node js program but it is not working. Can somebody help here.

module.exports.init = function(config, logger, stats){

'use stricts';

return { onrequest:function(req, res, next)

{ if(res.code=='403')

{ res.setHeader('access-control-allow-origin', req.getHeader("Origin")); res.setHeader('Access-Control-Allow-Headers', 'origin, accept, apikey, authtoken, content-type, authorization'); } else next();

}

gnanasekaran

@krushna.padhee.ap, looks like the response event handlers are not invoked for errors created by plugins - we are looking into it,

But for now, you could do something like this in your plugin for handling CORS

module.exports.init = function(config, logger, stats) {  
  return {   		
   		onrequest:handleCORS,   		
	}
}


function handleCORS(req,res,next){
	if(req.method=="OPTIONS"){
     	res.setHeader('Access-Control-Allow-Origin','*')
     	res.setHeader('Access-Control-Allow-Methods','GET, POST')
     	res.setHeader('Access-Control-Allow-Headers','Content-Type, Authorization')
     	res.setHeader('Access-Control-Max-Age','3628800')     	
     	res.end('OK')
     }else{
     	res.setHeader('Access-Control-Allow-Origin','*')     	
     }     
     next()
}

let me know if you run into any issues

View solution in original post

gnanasekaran

i think you could use - `onerror_response` - let me see if i can get you a sample

krushna_padhee_

Hi Madhavan,

I have tried onerror_response too, but it didn't work, may be my code is not right. if you have a sample, that would be great.

Thanks,

Krushna

gnanasekaran

@krushna.padhee.ap, looks like the response event handlers are not invoked for errors created by plugins - we are looking into it,

But for now, you could do something like this in your plugin for handling CORS

module.exports.init = function(config, logger, stats) {  
  return {   		
   		onrequest:handleCORS,   		
	}
}


function handleCORS(req,res,next){
	if(req.method=="OPTIONS"){
     	res.setHeader('Access-Control-Allow-Origin','*')
     	res.setHeader('Access-Control-Allow-Methods','GET, POST')
     	res.setHeader('Access-Control-Allow-Headers','Content-Type, Authorization')
     	res.setHeader('Access-Control-Max-Age','3628800')     	
     	res.end('OK')
     }else{
     	res.setHeader('Access-Control-Allow-Origin','*')     	
     }     
     next()
}

let me know if you run into any issues

gnanasekaran

added to git for reference - https://github.com/mukundha/cors-edgemicro-plugin

krushna_padhee_

Hi Madhavan,

I have already handled the OPTION method, then only I come to the error scenario. and i think error handler is not working fine. onerror request tells about the error while receiving the request, but i am not sure, whether invalid apikey error response handled in onerror-request handler.

Regards,

Krushna

gnanasekaran

yes Krushna, i have created a issue here - https://github.com/apigee/microgateway-core/issues/16

as a workaround - you can use the onrequest handler to add the CORS header

krushna_padhee_

Hi Madhavan,

I don't think we can use onrequest handler for error response as an workaround. onrequest can't catch invalid apikey, so how can we feed the cors header in error response. in onrequest handler you can add cors header which would be useful in success scenarios but not for error scenarios.

Regards,

Krushna

gnanasekaran

ha.. i added to the readme, but not here - you would need to modify the plugin sequence for this to work - for eg,

  plugins:
    sequence:
      - cors-edgemicro-plugin
      - oauth