This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

CORS policy: Response to preflight request doesn't pass access control check

Posted on 06-19-2023 06:13 PM
liux99
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I am using current GCP apigee X.

I have OAuth V2 token checking on the proxy, and I configured the proxy policy as:

  <PreFlow name="PreFlow">
    <Condition>request.verb != "OPTIONS" </Condition>
    <Request>
      <Step>
        <Name>verify-oauth-v2-access-token</Name>
      </Step>
      <Step>
        <Name>remove-header-authorization</Name>
      </Step>
    </Request>
    <Response>
    </Response>
  </PreFlow>
 
<DefaultFaultRule name="DefaultFaultRule">
    <Step>
      <Name>add-cors</Name>
    </Step>
    <AlwaysEnforce>true</AlwaysEnforce>
  </DefaultFaultRule>
But when I debug the flow, the verify-oauth-v2-access-token still get executed and throw error of invalid token, and I expect the DefaultFaultRule would handle the error and  add Cors in the response header, but apparently it doesn't.

Always got followng error:  CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Any idea?

1 3 4,948
Topic Labels
3 REPLIES 3