CORS Issue Calling API from New Edge Dev Portal

Not applicable

Hello,

Overview:

I created a dev portal using the simplified portal development tools provided with the New Edge experience, see Building your portal. I published my API Specs and tried calling my proxy through the new dev portal's swaggerUI - https://{my-org}-{my-portal}.apigee.io/apis/{my-proxy}/index.

I got a CORS error, added an assign message CORS policy, and get a response in my browser (yay).

Question:

Is this expected in the new dev portal? (If I understand CORS, it is expect but wanted to double check). If so, does that mean we'll have to add an assign message CORS policy to all of the proxies we publish.

Steps to Recreate:

1. Create new edge dev portal

2. Publish API spec - https://{my-org}-{my-portal}.apigee.io/apis/{my-proxy}/index

3. Call proxy from dev portal and get CORS error in chrome developer console

XMLHttpRequest cannot load https://{my-org}-{env}.apigee.net/{my-resource}?apikey={valid-apikey}.

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://{my-org}-{my-portal}.apigee.io' is therefore not allowed access.

4. Add assign message CORS Policy to Target Endpoint PostFlow Response.

5. Get proper response in browser.

1 3 715
3 REPLIES 3

kirill-ageev
Participant II

Why is it closed? What's the answer?

We ended up using the Drupal-based developer portal for several reasons. I don't recall if this was one of them or not.

We're looking at ways to make this more obvious, but is a feature of CORS that the browser doesn't know why it failed, so this problem isn't easy to solve directly.