Hi ,
We are trying to add the CORS header but still getting the error → No “Access-control-allow-origin” Header is present on requested resource ,
following is our cors policy ,
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
Add CORS
*[
origin, x-requested-with, accept, MaxDataServiceVersion
3628800
GET, PUT, POST, DELETE, OPTIONS
true
This is our default.xml :
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
add-cors
request.verb == “OPTIONS”
/cb
default
request.verb == “OPTIONS”
default
Hello @Ramya S M
I’m not able to reproduce the error that you receive. Can you tell me more about when you receive the error? Is it during the OPTIONS request or during some other request? Also, please confirm from the trace that the OPTIONS requests returns 200 OK?
Hi @Ramya S M
The proxy config looks correct. Can you tell what are the actual values being passed for “Access-Control-Allow-Headers” ? You can find the actual values on the trace (during the OPTIONS call).
It could be possible that you are passing some other header that is not mentioned in policy (for eg. apikey, client_id, content-type, etc). If you pass, please include all of those in the policy for Access-Control-Allow-Headers header.
Hi @swilliams ,
I am getting the error for GET request and its returning a 200 OK status.
Hi @Sai Saran Vaidyanathan ,
These are the Request headers passed during an OPTIONS call ,
- Accept: /
- Accept-Encoding: gzip, deflate, sdch, br
- Accept-Language: en-US,en;q=0.8
- Access-Control-Request-Headers: accept, accept-language, maxdataserviceversion
- Access-Control-Request-Method: GET
- Connection: keep-alive
- Host:
- Origin:
- Referer:
- User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.3
Ok, then I am able to replicate the error. I missed this, but you should also send back the CORS headers on the the GET request. All resources must include the CORS headers in the response, including the OPTIONS request. If you include a fault handler, then your error responses should also include CORS headers.
Thanks , the solution worked.
@Ramya S M
@williamssean -
I am seeing the exact same issue and as per solution CORS needs to be added to GET but i see that you already had that.
GET, PUT, POST, DELETE, OPTIONS
And your condition had OPTIONS check which is what it comes as first for preFlight.
request.verb == “OPTIONS”
Do you mind explaining what actually you had changed to make this work?
In the “Access-Control-Allow-Headers”, add “Authorization”
hey guys, I implemented something like that and it served me correctly.
In the proxy enpoint we must place in the preflow the next call of a Flowcallout to invoke a sharedflow which will have the policy of CORS
FC-CORS
FC-OAuth2
Definition of flowcallout, where we invoke the sharedflow
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
FC-CORS
OPTIONS-CORS-Headers-Response
definition of sharedflow
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
OPTIONS-CORS-Headers-Response
request.verb == "OPTIONS"
definition of the policy of raisefull, where we will indicate the headers of Access-Control-Allow-Origin with * that will allow the invocation from our browser
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
OPTIONS CORS Headers Response
*
origin, x-requested-with, accept, ucsb-api-key, ucsb-api-version, authorization
3628800
GET, PUT, POST, DELETE
200
OK
true
Regars
Hello William, As I’m new to Apigee can you please elaborate on the answer. How can I get CORS header and how can I send it back?
Thanks
Hi, Solved the issue. This can be done by adding the following code in proxy endpoint preflow:
<PreFlowname="PreFlow">
<Request/>
<Response>
<Step>
<Name>add-cors</Name>
</Step>
# This step will add cors header in your preflow request
</Response>
</PreFlow>