Solved: CORS Policy Execution Clarification

dpatty · 05-16-2022 05:58 AM

Hi ,

I have implemented CORS in apigee SAAS using Assign message policy with separate conditional flow for OPTIONS . Also in route rule not routing to backend if it is option .

Apigee X / Hybrid has support for CORS with CORS policy . I am not clear by simple just adding this policy in proxy pre flow as first step with required config will ensure same ?

Also having this tag in policy - <GeneratePreflightResponse>true</GeneratePreflightResponse>

Or I have to add it in conditional flow and also add condition is route rule for option for not to route to target backend .

Best Regards,

Patty

dchiesa1

No Condition is necessary.

The CORS policy sort of "takes care of that" for you. Just attach it into the Request Preflow of your proxy, set the GeneratePreflightResponse to true, and the policy takes care of the rest.

Just reading the guide material for CORS in the Apigee documentation, I see that it is not clear and not accurate. I can understand why you'd have the questions you're asking. I'll make sure to get the policy documentation fixed up so it describes the policy more effectively. (ref b/208823956)

View solution in original post

dchiesa1

No Condition is necessary.

The CORS policy sort of "takes care of that" for you. Just attach it into the Request Preflow of your proxy, set the GeneratePreflightResponse to true, and the policy takes care of the rest.

Just reading the guide material for CORS in the Apigee documentation, I see that it is not clear and not accurate. I can understand why you'd have the questions you're asking. I'll make sure to get the policy documentation fixed up so it describes the policy more effectively. (ref b/208823956)

dpatty

Thank you so much for quick clarification .

Regards,Patty