SmartDocs Configuration - help with CORS and Proxy URL Configuration

Not applicable

6430-smartdocscors2.png

We are running Apigee Edge Private Cloud and trying to get SmartDocs functionality working in our Developer Portal.

I've read the docs https://docs.apigee.com/developer-services/content/using-smartdocs-document-apis#models and various form posts and I'm stumped.

Could you clarify if the Proxy URL should be set to the host of the Edge Management server endpoint or to a hostname where the proxies are actually deployed? I am currently configured to point the the management endpoint as suggested by the help text in the config screen.

I've created an API and simple model, rendered, and I can browse to it in the portal. When testing a simple API via the SmartDocs Send this Request, I am getting a CORS error on the preflight OPTIONS call.

If I try the same request via CURL, I get the following:

$ curl -k -X OPTIONS https://apiconfigtest.mycompany.com//v1/smartdocs/v1/sendrequest%20?targeturl=https%3A%2F%2Fapisandb...
[1] 14184
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
hongbm@VD0012906 MINGW64 ~
100    47  100    47    0     0     47      0  0:00:01 --:--:--  0:00:01   100<html><body>No service was found.</body></html>

I have verified that the following command returns results of models in Edge.

curl -k https://apiconfigtest.mycompany.com/v1/o/sandbox/apimodels/ -u username:password

Any ideas how to further troubleshoot?

Thanks,

Bob

0 6 985
6 REPLIES 6

Not applicable

I forgot to mention that I can call the actual API successfully via Postman.

Hi @bobhong

I think you'll have to add CORS support to your proxy directly, see https://docs.apigee.com/api-services/content/adding-cors-support-api-proxy. That should give the 'ok' response to the preflight request, allowing the real request to happen.

Thanks Karl,

I have added CORS headers on the proxy itself and confirmed I can hit the url using http://www.test-cors.org.

While tracing the proxy, I never see the request when coming from SmartDocs, but I do when using the test-cors page.

I thought maybe something wasn't fully configured on Edge. We do see the smartdocs.zip in /opt/apigee/apigee-validate/bundles/ as referenced in the install guide. https://docs.apigee.com/private-cloud/v4.17.05/install-smartdocs

Anything else to check?

Former Community Member
Not applicable

hi @bobhong

did you find the solution for that issue?

jovaniac
Participant II
hey guys, I implemented something like that and it served me correctly.
In the proxy enpoint we must place in the preflow the next call of a Flowcallout to invoke a sharedflow which will have the policy of CORS

<PreFlow name="PreFlow">
<Request>
<Step>
<Name>FC-CORS</Name>
</Step>
<Step>
<Name>FC-OAuth2</Name>
</Step>
</Request>
<Response/>
</PreFlow>

Definition of flowcallout, where we invoke the sharedflow

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FlowCallout async="false" continueOnError="false" enabled="true" name="FC-CORS">
<DisplayName>FC-CORS</DisplayName>
<FaultRules/>
<Properties/>
<SharedFlowBundle>OPTIONS-CORS-Headers-Response</SharedFlowBundle>
</FlowCallout>

definition of sharedflow

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SharedFlow name="default">
<Step>
<Name>OPTIONS-CORS-Headers-Response</Name>
<Condition>request.verb == "OPTIONS"</Condition>
</Step>
</SharedFlow>

definition of the policy of raisefull, where we will indicate the headers of Access-Control-Allow-Origin with * that will allow the invocation from our browser

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<RaiseFault async="false" continueOnError="false" enabled="true" name="OPTIONS-CORS-Headers-Response">
<DisplayName>OPTIONS CORS Headers Response</DisplayName>
<Properties/>
<FaultResponse>
<Set>
<Headers>
<Header name="Access-Control-Allow-Origin">*</Header>
<Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept, ucsb-api-key, ucsb-api-version, authorization</Header>
<Header name="Access-Control-Max-Age">3628800</Header>
<Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
</Headers>
<Payload contentType="text/plain"/>
<StatusCode>200</StatusCode>
<ReasonPhrase>OK</ReasonPhrase>
</Set>
</FaultResponse>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>

angular:

const httpOptions2= { headers:newHttpHeaders({ 'Authorization':'Bearer token' }) };

obtenerCatalogos():Observable<any> { return this.httpClient.get<any>(uriApigee+'endpointapigee',httpOptions2); }

Regars