Apigee + Angular No 'Access-Control-Allow-Origin' header is present on the requested resource

Not applicable

Morning;

Maybe this question was asked before 100 times, but really I can not resolve it . I have this configuration in Apigee that respond to OPTIONS request.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-AddCors">
    <DisplayName>AM-AddCors</DisplayName>
    <Properties/>
    <Add>
        <Headers>
            <Header name="Access-Control-Allow-Origin">*</Header>
            <Header name="Access-Control-Allow-Headers">Content-Length, Content-Disposition, Origin, x-requested-with, Accept, Content-Type, Authorization</Header>
            <Header name="Access-Control-Max-Age">3628800</Header>
            <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
        </Headers>
    </Add>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

In the client side I make this call with Angular (HttpClient)

public downloadS2Report(url) {
    let headers = new HttpHeaders();
    let fullurl = environment.config.fundsApi.concat(url);
    headers = headers.set("Authorization", "Bearer *****");
    return this.http.get(fullurl, {headers: headers})
      .map((response:any) => {
        if (response.status == 200) {
          var contentType = 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet';
          var blob = new Blob([(<any>response)._body], {type: contentType});
          return blob;
        }    
      });
  }

I can see the results in the debug view in chrome but I got the famous error with Angular "Access-Control-Allow-Origin' header is present on the requested resource". Do I miss a params in the Apigee config?

6197-2017-12-29-15h07-21.jpg

6198-2017-12-29-15h07-29.jpg

6199-2017-12-29-15h07-40.jpg

0 1 6,386
1 REPLY 1

It looks to me that you have an AssignMessage policy that is assigning to the request message.

    <AssignTo createNew="false" transport="http" type="request"/> 

If you want an API Proxy to respond to an OPTIONS request with a header of Access-Control-Allow-Origin, I think you need to assign to the RESPONSE message.

Also, I cannot tell where in the flow you have attached that AssignMessage policy. You will need to use it in the Response flow.

If this isn't clear, let me know.