Solved: Developer Portal

jjjegath · 01-21-2019 01:04 AM

I have added yaml definition for my API which published in the developer portal .I am able to see the API operations in the window but when i execute the API ,I am getting isTrusted": true in the response.

Can you guys help me to sort out this issue

PFA screen short for your reference.execute.jpg execute1.jpg

nagashree_b

@Jegath Kumar, Ensure you are responding to the preflight requests (HTTP options verb ) with CORS headers. Check the below docs on how to handle preflight requests

https://docs.apigee.com/api-platform/develop/adding-cors-support-api-proxy

View solution in original post

nagashree_b

@Jegath Kumar, Ensure you are responding to the preflight requests (HTTP options verb ) with CORS headers. Check the below docs on how to handle preflight requests

https://docs.apigee.com/api-platform/develop/adding-cors-support-api-proxy

jjjegath

@Nagashree B

I have added cors headers in the pref low of target endpoints,but still issue is there.PFA Screen shots for your reference.Do you think i need make any other changes or place i have added cors headers are not correct.

nagashree_b

@Jegath Kumar

Check if you have Authorization header included in "Access-Control-Allow-Headers". From the screenshots, it doesn't show the Authorization header received in the request at Apigee

jjjegath

@Nagashree B I have added Authorization header in the Access-Control-Allow-Headers.When i have enabled the trace i am getting this error mentioned in screen shot.Can you please help me here.

nagashree_b · testcors-rev1-2019-02-06-1.zip

@Jegath Kumar I am attaching a working sample - swagger spec and proxytestcors-rev1-2019-02-06-1.zip test-swaggerjson.txt, check if this gives you some clue. I have tested it on my free-org integrated dev portal and works fine.

The key is - you should be able to provide the preflight response when you receive the OPTIONS request

jjjegath

@Nagashree B Thanks it was very helpful.It worked for the access token method,however it doesn't work for the other get method.Please find the images for your reference. Can you please help me here.

nagashree_b

@Jegath Kumar try this updated version. The issue was - the devportal is sending the request as /testcors/ and the api proxy was expecting /testcors, so no conditional flows were getting satisfied and the CORS headers were not being returned in the response. I have added the CORS headers in the preflow response for all requests and this should work.testcors-rev1-2019-02-07-1.zip

You can also turn on the developer tools->console on chrome browser. It will help you debug the issue. You can see the attached image that shows which CORS header is missing or what's the error. For example, I used an expired token and the flow did not have any CORS headers returned for the error scenario. The devportal just shows "isTrusted": "false" value. Whereas a combination of the chrome dev console and the trace can help you identify the issue.

If this helps you resolve the issue, you can accept the answer.

jjjegath

@Nagashree B Attached zip is got corrupted it seems, i am not able to download .could you please upload the correct one .Thanks

nagashree_b · testcors-rev1-2019-02-07-1.zip

Re-uploading the attachments

testcors-rev1-2019-02-07-1.zip

devportal-requests.jpg

acesstokenexpired.jpg

jjjegath

@ Nagashree Thanks a lot for your help.

arungopal

@Jegath Kumar to help narrow down the issue, can you trace the proxy to catch the call that originates from the portal ? This will confirm what your backend is responding and if CORS policy is getting executed.

jjjegath

developer-portal.zip @arungopal Please find attached all screen shots for your reference.

arungopal

@Jegath Kumar From the trace, we see that the OPTIONS call is failing. Can you please refer to the solution proposed here : https://community.apigee.com/questions/22/apigee-pre-flight-options-requests.html