I set up a API proxy and uploaded a Swagger Spec for documenting the proxy.
When I use the "try out" function in the Swagger UI, the request fails with an error returned by one of my proxy's policies since there is no bearer token presented in the request. (The failing policy checks whether there is a bearer token presented or returns a HTTP 401 otherwise)
I used the trace tool to analyse the request from the Swagger UI and figured out that, the request is a HTTP OPTIONS request without a bearer token. This is confuses me, because I setup in the spec the following:
securityDefinitions: Bearer: type: apiKey name: Authorization in: header description: Access Token
and under the paths definition
security: - Bearer: []
Before "try out" I insert a valid bearer token in the Swagger UI "Authorize" section.
Why is the inserted bearer token not being sent to the proxy in the request?
you need to add "OPTIONS" as Access-Control-Allow-Methods in your proxy
Thanks for the hint...
I already set up handling for CORS preflights as it's described here:
https://docs.apigee.com/api-platform/develop/adding-cors-support-api-proxy#handlingcorspreflightrequ...
The CORS policy has the following settings, which for my understanding should be fine
<Header name="Access-Control-Allow-Origin">{request.header.origin}</Header> <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept, content-type, api_key, Authorization
</Header> <Header name="Access-Control-Max-Age">3628800</Header> <Header name="Access-Control-Allow-Methods">GET, OPTIONS</Header>
User | Count |
---|---|
3 | |
2 | |
1 | |
1 | |
1 |