Hi,
I created an API proxy with the GET method that uses Bearer authorization, and I get this authorization from the client. See below:
This is my AssignMessage policy to get the Bearer token and other parameters:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="AM-PARAM">
    <DisplayName>AM-PARAM</DisplayName>
    <Properties/>
    <Set>
        <Headers>
            <Header name="Authorization">{request.header.Authorization}</Header>
            <Header name="Accept-Encoding">gzip,deflate</Header>
        </Headers>
        <QueryParams>
            <QueryParam name="nameSearch">{request.queryparam.nameSearch}</QueryParam>
        </QueryParams>
        <Verb>GET</Verb>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
This is my proxy endpoint:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
    <Description/>
    <FaultRules/>
    <PreFlow name="PreFlow">
        <Request>
            <Step>
                <Name>AM-PARAM</Name>
                <Condition>request.verb != "OPTIONS"</Condition>
            </Step>
        </Request>
        <Response/>
    </PreFlow>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
    <Flows>
        <Flow name="OptionsPreFlight">
            <Response>
                <Step>
                    <Name>Add-CORS</Name>
                </Step>
            </Response>
            <Request/>
            <Condition>request.verb == "OPTIONS" AND request.header.origin != null AND request.header.Access-Control-Request-Method != null</Condition>
        </Flow>
    </Flows>
    <HTTPProxyConnection>
        <BasePath>/use-case</BasePath>
        <VirtualHost>default</VirtualHost>
        <VirtualHost>secure</VirtualHost>
    </HTTPProxyConnection>
    <RouteRule name="NoRoute">
        <Condition>request.verb == "OPTIONS" AND request.header.origin != null AND request.header.Access-Control-Request-Method != null</Condition>
    </RouteRule>
    <RouteRule name="default">
        <TargetEndpoint>default</TargetEndpoint>
    </RouteRule>
</ProxyEndpoint>
This is my target endpoint:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetEndpoint name="default">
    <Description/>
    <FaultRules/>
    <PreFlow name="PreFlow">
        <Request>
            <Step>
                <Name>CORS-1</Name>
            </Step>
        </Request>
        <Response/>
    </PreFlow>
    <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
    <Flows/>
    <HTTPTargetConnection>
        <Properties/>
        <URL>https://xxx</URL>
    </HTTPTargetConnection>
</TargetEndpoint>
This is my Add-CORS policy method:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="Add-CORS">
    <DisplayName>Add CORS</DisplayName>
    <FaultRules/>
    <Properties/>
    <Set>
        <Headers>
            <Header name="Access-Control-Allow-Origin">*</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept, content-type, Authorization, Accept-Encoding,authorization,Accept-Encoding,Access-Control-Request-Method, Access-Control-Request-Headers</Header>
            <Header name="Access-Control-Max-Age">60</Header>
            <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
            <Header name="access-control-allow-credentials">true</Header>
            <Header name="X-SF-CORS">true</Header>
        </Headers>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
And this is the CORS policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CORS name="CORS-1" enabled="true">
    <AllowOrigins>*</AllowOrigins>
    <AllowMethods>GET, POST, DELETE</AllowMethods>
    <AllowHeaders>origin, x-requested-with, accept, content-type,authorization,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers</AllowHeaders>
    <ExposeHeaders>*</ExposeHeaders>
    <MaxAge>60</MaxAge>
    <AllowCredentials>true</AllowCredentials>
    <GeneratePreflightResponse>true</GeneratePreflightResponse>
</CORS>
When I try to run it on the portal I get a 403 (Forbidden) error; when I check, the response value is Invalid CORS Request.
Please help. What am I missing?
Check the response headers on your preflight request in your browser's network view.
Check the policies and responses from Apigee using API Debug/trace.
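
Added example, not part of the original thread: a simplified JavaScript version of the checks a browser applies to a preflight response, useful when reading the response headers in the network view. The function name `checkPreflight`, the origin `https://portal.example` and the sample responses are assumptions constructed for illustration; the header values are taken from the Add-CORS policy in the question.

```javascript
// Simplified browser-side preflight check (added example, not Apigee code).
// `res.headers` keys are assumed to be lower-cased already.
function checkPreflight(req, res) {
  const problems = [];
  const h = res.headers;
  const split = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);
  const withCreds = req.credentials === "include";

  // A non-2xx preflight (such as the 403 in the question) fails before any header is read.
  if (res.status < 200 || res.status > 299) problems.push(`preflight status ${res.status} is not 2xx`);

  const acao = h["access-control-allow-origin"];
  if (acao === undefined) problems.push("missing Access-Control-Allow-Origin");
  else if (acao === "*") { if (withCreds) problems.push("wildcard origin not allowed with credentials"); }
  else if (acao !== req.origin) problems.push(`origin mismatch: ${acao}`);

  if (withCreds && h["access-control-allow-credentials"] !== "true")
    problems.push("Access-Control-Allow-Credentials must be exactly 'true'");

  // GET, HEAD and POST are CORS-safelisted and need no Allow-Methods entry.
  const methods = split(h["access-control-allow-methods"]);
  const safelisted = ["GET", "HEAD", "POST"];
  if (!methods.includes(req.method) && !safelisted.includes(req.method) && (withCreds || !methods.includes("*")))
    problems.push(`method ${req.method} not allowed`);

  const allowed = split(h["access-control-allow-headers"]).map((s) => s.toLowerCase());
  for (const name of req.headers.map((n) => n.toLowerCase())) {
    // "*" never covers Authorization, and is a literal name when credentials are sent.
    const wildcardOk = allowed.includes("*") && !withCreds && name !== "authorization";
    if (!allowed.includes(name) && !wildcardOk) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// Constructed inputs: header values copied from the Add-CORS policy on this page.
const addCorsHeaders = {
  "access-control-allow-origin": "*",
  "access-control-allow-headers": "origin, x-requested-with, accept, content-type, Authorization, Accept-Encoding",
  "access-control-allow-methods": "GET, PUT, POST, DELETE",
  "access-control-allow-credentials": "true",
};
const req = { origin: "https://portal.example", method: "GET", headers: ["Authorization"], credentials: "same-origin" };

console.log(checkPreflight(req, { status: 200, headers: addCorsHeaders }));
console.log(checkPreflight(req, { status: 403, headers: {} }));
console.log(checkPreflight({ ...req, credentials: "include" }, { status: 200, headers: addCorsHeaders }));
```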