CORS error every other time a request is made

davidbutzjr · 01-03-2019 03:02 PM

I created my first proxy to add basic authentication credentials to an API that does not support CORS so I can access it via JS. I think I've been mostly successful but when I test my site it seems to work twice, then fail twice with a CORS error, then loops again working twice failing twice..

I'm totally stumped as to why it would work/fail in that pattern. You can try it yourself here: http://apps.schoolsitelocator.com/api.html

I get this message in postman:

{ "fault": { "faultstring": "Unable to identify proxy for host: davidbutzjr-eval-prod.apigee.net:443 and url: /insightly", "detail": { "errorcode": "messaging.adaptors.http.flow.ApplicationNotFound" } } }

thanks in advance!

sidd-harth

Hi @David Butz, CORS is a commonly implemented solution to the "same-origin policy" that is enforced by all browsers. All you need to do is attach CORS headers to the TargetEndpoint response. As long as the browser supports CORS, these headers signal to the browser that it's okay to "relax" its same-origin policy, allowing the cross-origin API call to succeed.

We can add CORS on APigee proxy layer. Can you please try adding it and accessing it through your domain/app. Follow below doc and check out the video,

https://docs.apigee.com/api-platform/develop/adding-cors-support-api-proxy

For below error, try to undeploy and deploy the Proxy again

{ "fault": { "faultstring": "Unable to identify proxy for host: davidbutzjr-eval-prod.apigee.net:443 and url: /insightly", "detail": { "errorcode": "messaging.adaptors.http.flow.ApplicationNotFound" } } }

I guess this error is related to Apigee Free Cloud account.

davidbutzjr

Thanks for getting back to me. I believe I have the CORS already implemented.

I have undeployed and redeployed the proxy but I get the same behavior; the first two tests work great, then the next two fail with the above error message and then that pattern loops such that test 5 and 6 work again via Postman.

Yes, I am using the Free Cloud at this point.

sidd-harth

Please post your Add Cors Policy here.

davidbutzjr

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="add-cors">
    <DisplayName>Add CORS</DisplayName>
    <FaultRules/>
    <Properties/>
    <Add>
        <Headers>
            <Header name="Access-Control-Allow-Origin">{request.header.origin}</Header>
            <Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
            <Header name="Access-Control-Max-Age">3628800</Header>
            <Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
        </Headers>
    </Add>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

sidd-harth

Did you try with * ?

 <Header name="Access-Control-Allow-Origin">*</Header>

davidbutzjr

Yes, I have tried that. I don't recall why I changed it but I just put it back to *, saved it, and retested with the same results.