
CORS policies headers fail

Hi everyone,

I've got a problem.

I would like to use Apigee Spec swagger, but it produced "Access to fetch at 'https://xxx' from origin 'https://apigee.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled." error.

I adjusted my endpoints as defined here: https://docs.apigee.com/api-platform/develop/adding-cors-support-api-proxy

I created the standard policy:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="add-cors">
<DisplayName>Add CORS</DisplayName>
<FaultRules/> 
<Properties/> 
<Set>
	<Headers>
		<Header name="Access-Control-Allow-Origin">*</Header>
		<Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept, content-type, authorization</Header>
		<Header name="Access-Control-Max-Age">3628800</Header>
		<Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
	</Headers> 
</Set> 
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="response"/> 
</AssignMessage>

and put it in all flows and in the request and response sections.

It does not have any effect.

I do not have these headers on the response:

11068-missed-headers.jpg

What could be the reason for that?

Thank you!

2 ACCEPTED SOLUTIONS

It seems I have found something.

Swagger UI in API Specs sends "Authorization: BearerToken ..." instead of "Authorization: Bearer ..."

The token check fails and the error response is returned to the browser without CORS headers.

Trying to overcome that.

Seems it's an Apigee Swagger issue.

Yes, it was a token issue with Apigee Swagger...

I just used

securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer

instead of OAuth2 and

added

security:
- BearerAuth: []

to the endpoints definition

And input the token instead of creds.

And ApiSpecs started working.

The reason: I did not add headers on error responses.

That's it.

Hope it will be useful for others.

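Added example, not part of the thread and not Apigee code: a simplified model of the browser's CORS checks for a non-credentialed fetch, showing how a fault response that skips the add-cors policy surfaces as a CORS error instead of the token failure. The response objects and the 401 status are constructed for illustration; the header values are copied from the policy above.

```javascript
// Simplified model of browser-side CORS checks (non-credentialed fetch).
// All responses are constructed; the 401 status is an assumption.
const ORIGIN = "https://apigee.com"; // origin from the error message in the thread

// Headers set by the add-cors policy (names lower-cased).
const ADD_CORS = {
  "access-control-allow-origin": "*",
  "access-control-allow-headers":
    "origin, x-requested-with, accept, content-type, authorization",
  "access-control-max-age": "3628800",
  "access-control-allow-methods": "GET, PUT, POST, DELETE",
};

const list = (v) =>
  (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

function originAllowed(res, origin) {
  const acao = res.headers["access-control-allow-origin"];
  return acao === "*" || acao === origin;
}

// Preflight (OPTIONS) passes only with a 2xx status, an allowed origin, an allowed
// method, and every non-safelisted request header named in the allow list.
function preflightPasses(res, origin, method, requestHeaders) {
  if (res.status < 200 || res.status > 299) return false;
  if (!originAllowed(res, origin)) return false;
  const m = method.toLowerCase();
  const methods = list(res.headers["access-control-allow-methods"]);
  if (!["get", "head", "post"].includes(m) && !methods.includes(m)) return false;
  const allowed = list(res.headers["access-control-allow-headers"]);
  return requestHeaders.every((h) => allowed.includes(h.toLowerCase()));
}

// What the calling script (here, Swagger UI) is allowed to see of the actual response.
function diagnose(res, origin) {
  if (originAllowed(res, origin)) return `readable, HTTP ${res.status}`;
  return res.status >= 400
    ? `blocked by CORS, masking HTTP ${res.status} from the proxy`
    : "blocked by CORS";
}

// The success path runs add-cors; the token-failure path in the thread did not.
const preflight = { status: 200, headers: ADD_CORS };
const okResponse = { status: 200, headers: { ...ADD_CORS } };
const tokenFault = { status: 401, headers: { "content-type": "application/json" } };
const tokenFaultWithCors = { status: 401, headers: { ...ADD_CORS } };

console.log(preflightPasses(preflight, ORIGIN, "GET", ["authorization"]));
for (const r of [okResponse, tokenFault, tokenFaultWithCors]) console.log(diagnose(r, ORIGIN));
```

With the CORS headers also present on the fault response, the browser exposes the real 401 to the caller, which is what makes the underlying token problem visible.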