Hello,
I ported my API Proxy with exactly the same swagger spec onto the new portal (Bootstrap -Beta). The Swagger spec works perfectly fine as I have tested it and traced it using Apigee. But for some reasons the CORS configuration that I have (which works on the old portal) does not set the "Access-Control-Allow-Origin" for the OPTIONS call (returns 200 ok) but the browser does not initiate the GET call as the Allow-Origin is not present in the previous Option call.
Any insights will be helpful.
Thanks,
SK
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AssignMessage async="false" continueOnError="false" enabled="true" name="add-cors"> <DisplayName>Add CORS</DisplayName> <FaultRules/> <Properties/> <Set> <Headers> <Header name="Access-Control-Allow-Origin">*</Header> <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept, Content-Type</Header> <Header name="Access-Control-Max-Age">3628800</Header> <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header> </Headers> </Set> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> <AssignTo createNew="false" transport="http" type="response"/> </AssignMessage>
Solved! Go to Solution.
I should have posted earlier. But you are right Gleb, the issue was with the duplicate Flows tag in the proxy endpoint config. <PostFlow name="PostFlow"> <Request/> <Response/> </PostFlow> <Flows> <Flow name="OptionsPreFlight"> <Request/> <Response> <Step> <Name>add-cors</Name> </Step> </Response> <Condition>request.verb == "OPTIONS"</Condition> <!--AND request.header.origin != null AND request.header.Access-Control-Request-Method != null--> </Flow> </Flows> <Flows/> <HTTPProxyConnection>
Hello @skanade ,
Do you mean the OPTIONS preflight check response your browser receives is different from the one APIGee sends?
This is the configuration I've used, it works perfectly good - so I guess the issue is somewhere else...
<Headers> <Header name="Access-Control-Allow-Origin">{allowed_CORS_domain}</Header> <Header name="Access-Control-Allow-Headers">Content-Type, Authorization</Header> <Header name="Access-Control-Allow-Credentials">true</Header> <Header name="Access-Control-Max-Age">3628800</Header> <Header name="Access-Control-Allow-Methods">GET,OPTIONS</Header> </Headers>
// Gleb
I should have posted earlier. But you are right Gleb, the issue was with the duplicate Flows tag in the proxy endpoint config. <PostFlow name="PostFlow"> <Request/> <Response/> </PostFlow> <Flows> <Flow name="OptionsPreFlight"> <Request/> <Response> <Step> <Name>add-cors</Name> </Step> </Response> <Condition>request.verb == "OPTIONS"</Condition> <!--AND request.header.origin != null AND request.header.Access-Control-Request-Method != null--> </Flow> </Flows> <Flows/> <HTTPProxyConnection>
User | Count |
---|---|
7 | |
2 | |
2 | |
1 | |
1 |