CORS issue with new Bootstrap (Beta) Portal

skanade
Participant I

Hello,

I ported my API Proxy with exactly the same swagger spec onto the new portal (Bootstrap -Beta). The Swagger spec works perfectly fine as I have tested it and traced it using Apigee. But for some reasons the CORS configuration that I have (which works on the old portal) does not set the "Access-Control-Allow-Origin" for the OPTIONS call (returns 200 ok) but the browser does not initiate the GET call as the Allow-Origin is not present in the previous Option call.

Any insights will be helpful.

Thanks,

SK

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="add-cors">
    <DisplayName>Add CORS</DisplayName>
    <FaultRules/>
    <Properties/>
    <Set>
        <Headers>
            <Header name="Access-Control-Allow-Origin">*</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept, Content-Type</Header>
            <Header name="Access-Control-Max-Age">3628800</Header>
            <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
        </Headers>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
Solved Solved
0 2 996
1 ACCEPTED SOLUTION

skanade
Participant I
I should have posted earlier. But you are right Gleb, the issue was with the duplicate Flows tag in the proxy endpoint config.


 <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
    <Flows>
        <Flow name="OptionsPreFlight">
            <Request/>
            <Response>
                <Step>
                    <Name>add-cors</Name>
                </Step>
            </Response>
            <Condition>request.verb == "OPTIONS"</Condition>
            <!--AND request.header.origin != null AND request.header.Access-Control-Request-Method != null-->
        </Flow>
    </Flows>
    <Flows/>
    <HTTPProxyConnection>

View solution in original post

2 REPLIES 2

Not applicable

Hello @skanade ,

Do you mean the OPTIONS preflight check response your browser receives is different from the one APIGee sends?

This is the configuration I've used, it works perfectly good - so I guess the issue is somewhere else...

<Headers>
	<Header name="Access-Control-Allow-Origin">{allowed_CORS_domain}</Header>	<Header name="Access-Control-Allow-Headers">Content-Type, Authorization</Header>
	<Header name="Access-Control-Allow-Credentials">true</Header>
        <Header name="Access-Control-Max-Age">3628800</Header>
        <Header name="Access-Control-Allow-Methods">GET,OPTIONS</Header>
</Headers>

// Gleb

skanade
Participant I
I should have posted earlier. But you are right Gleb, the issue was with the duplicate Flows tag in the proxy endpoint config.


 <PostFlow name="PostFlow">
        <Request/>
        <Response/>
    </PostFlow>
    <Flows>
        <Flow name="OptionsPreFlight">
            <Request/>
            <Response>
                <Step>
                    <Name>add-cors</Name>
                </Step>
            </Response>
            <Condition>request.verb == "OPTIONS"</Condition>
            <!--AND request.header.origin != null AND request.header.Access-Control-Request-Method != null-->
        </Flow>
    </Flows>
    <Flows/>
    <HTTPProxyConnection>