CORS error on Delete method

sidd-harth
Participant V

Hi guys, I have an proxy with Apikey,oAuth,Cors and other policies.

GET Method(through Ajax) works fine without any CORS error.

In the same proxy I'm trying to delete an entity using it's UUID through an Ajax call, then I'm getting CORS.

721-delete.png

In similar fashion I was able to perform PUT method(in a different proxy).

PUT-

719-put.png

Why I'm I not getting the response headers while Delete method?

@Mukundha Madhavan @Anil Sagar @sudheendra1

0 20 5,952
20 REPLIES 20

Dear @Barahalikar Siddharth , Can you please attach the policy to "The response preflow of the TargetEndpoint of the API proxy." and then try again ?

@Anil Sagar I have tried it, still I'm getting CORS. Any other way to get rid of it?

Not applicable

Try adding this header in your respose/cors policy, check if it works

Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE

Yeah @sriki77 I have tried that, I still get CORS error.

This same proxy with same policies works perfectly for get,post,put methods, why doesn't it work for delete?

It could be due to preflight request. Can you try the DELETE request from POSTMAN?

@sudheendra1

Yes I've tried Postman and succeeded Delete request through Postman.

Not applicable

What are you using to test? I tried using test-cors.org. It works fine

Well actually I have an webpage which on loading GET the data from BaaS and onClick of an button, through Ajax call I'm trying to DELETE.

I'm trying this in Mozilla Firefox.

sidd-harth
Participant V

@sudheendra1 @sriki77 @Anil Sagar

Guys the same thing I've tried in Chrome and it worked perfectly in the first try itself.

It still doesn't work in Mozilla Firefox, what can I do get this work in Firefox also?

@Barahalikar Siddharth , Are you saying it's browser issue ?

Frankly speaking, I don't know what is causing the issue because get,post,put methods works fine in Mozilla only issue is with delete method.

I'm trying to get info on this, I need to make delete method work in Mozilla also.

@Barahalikar Siddharth , Let me ask the same question in different way.. Does DELETE work on chrome ?

@Anil Sagar

Yes it works on chrome.

@Barahalikar Siddharth , Can you post the request message from Chrome & Firefox.. That might throw some light...

Dear @Barahalikar Siddharth ,

Can you change below in your policy & try ?

<Header name="Access-Control-Allow-Headers">*</Header>

<Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE,OPTIONS</Header>

Cheers,

Anil Sagar

@Anil Sagar Yeah this is the policy I'm using right now.

So it is happening because Firefox didn't authorize the API's SSL Certificate.

@Barahalikar Siddharth , Did Certificate work around solved the issue ?

@Anil Sagar actually no, the link which you provided says that, the backend should be authorized, for which the SSL Certificate of the API wasn't trusted by Firefox(so navigating to APIs endpoint with Firefox and we should edit to Trust Certificate)

Does BaaS(backend) send any certificate to Firefox?

If yes, what is it named?

If no, then what certificate should I be looking for?

Well I dont know much about ssl & certificates, I tried googling but it didn't work. So any help form you would be great.

I know basics about Apigee KeyStores and TrustStores, nothing much in depth.