CORS not working for Access Token Expired error
Hi,
I have a CORS enabled proxy and it works fine for all the scenarios including the negative scenarios. . However, if the token is expired and apigee throws token expired error, it doesn't work. I get
isTrusted": true error on portal. can someone help? I should get the proper error for token expired error as well.
Hi Shivakumar, can you update your question with the details of the CORS policy you have used and the screenshot of F12 Developer Tools Console error when you are getting isTrusted": true error on the portal.
Best Answer
Answer by Nagashree B
·
Feb 26 at 06:19 PM
It appears you do not have the CORS headers included for error scenarios. Can you post your trace and the error from the console on the browser.
When an API proxy encounters an error, regardless of how it occurs, it exits the normal flow pipeline, enters an error state, and returns an error message to the client app. Once the API proxy enters the error state, it cannot return processing back to the normal flow pipeline.
So if you defined the Assign message policy to Add the CORS headers in the Respone flow, it will not get executed due to the token expired error. Try defining a default fault rule, with AlwaysEnforce set to true, with an Assign Message policy to include the CORS headers for all error scenarios
<DefaultFaultRulename="fault-rule"> <Step> <Name>Add-CORS-Headers</Name> </Step> <AlwaysEnforce>true</AlwaysEnforce> </DefaultFaultRule>
@Nagashree B thank you. Added the below step and it works fine now.
<DefaultFaultRule name="fault-rule">
<Step>
<Name>add-cors</Name>
</Step>
<AlwaysEnforce>false</AlwaysEnforce>
</DefaultFaultRule>
Glad it worked, you can accept the answer if it helped you.
