Solved: CORS policy in my API proxy when using OAuth 2.0 - Page 2

sidd-harth · 04-19-2015 11:58 PM

Hi guys I have a similar problem which @Zhongli Wu faced few days ago....

His thread - http://community.apigee.com/questions/2890/add-usable-cors-policy-in-my-api-proxy-when-using.html?so...

I tried @Maruti Chand and @mukundha@apigee.com solutions from that thread but they didn't work for me...

Here are my details...

CORS Policy...

<AssignMessage async="false" continueOnError="false" enabled="true" name="add-cors">
    <DisplayName>Add CORS</DisplayName>
    <FaultRules/>
    <Properties/>
    <Add>
        <Headers>
            <Header name="Access-Control-Allow-Origin">{request.header.origin}</Header>
            <Header name="Access-Control-Allow-Headers">{reqHeaders}</Header>
            <Header name="Access-Control-Max-Age">3628800</Header>
            <Header name="Access-Control-Allow-Methods">GET</Header>
        </Headers>
    </Add>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
  
</AssignMessage>

Ajax Call..

function displayMotorQuote(){
	
  var motorQuoteDetailsUrl = "https://siddharth1-test.apigee.net/i_vechile_quote-2";	
  
  $.ajax({
     url: motorQuoteDetailsUrl,
     type: 'GET',
 
 beforeSend: function(xhr) {
 // xhr.setRequestHeader("Access-Control-Allow-Origin", "*");
    xhr.withCredentials = true;
    xhr.setRequestHeader('Authorization', 'bearer 6Y1zOQfYMQztBGLo3oMVrB5Dvmm4');
  },

Error Details..

XMLHttpRequest cannot load https://siddharth1-test.apigee.net/i_vechile_quote-2. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 401.

I have attached my proxy...have a look at it..

i-vechile-quote-2-rev5-2015-04-20.zip

Report Inappropriate Content · test-rev1-2015-04-22.zip

Barahalikar Siddharth and @Zhongli Wu,

Looks like both of you have the same issues . I updated the proxy that was attached by @Barahalikar Siddharth here .

Made some modifications and pls use it as it is for your testing , Pls import on to your org, change the virtualhost and test with the browser to see if it is working as expected . In the network calls you should see below request and response headers .

Pls try it out and let me know if you see any issues . Once you have a working proxy , then you can modify as per your requirements.

OPTIONS /i_vechile_quote-2 HTTP/1.1
> Authorization: Basic YWRta
> User-Agent: curl/7.41.0
> Host: test.com
> Accept: */*
> Access-Control-Request-Method:GET
> Access-Control-Request-Headers:Accept, Authorization
> Origin:http://api.bob.com



< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: Accept, Authorization
< Access-Control-Max-Age: 3628800
< Access-Control-Allow-Methods: GET
< Content-Length: 0
< Set-Cookie: ap_44_SV=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
< Cache-control: private

> GET /i_vechile_quote-2 HTTP/1.1
> Authorization: Basic YWRta
> User-Agent: curl/7.41.0
> Host: test.com
> Accept: */*
> Origin:http://api.bob.com



//posting just headers here from the response


< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Content-Type: application/json
< Date: Wed, 22 Apr 2015 05:50:44 GMT
< Server: Apache-Coyote/1.1
< Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 21-Apr-2015 05:50:44 GMT
< x-apigee-serverprocessingtime: 82
< Content-Length: 4573
< Set-Cookie: ap_44_SV=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
< Cache-control: private

View solution in original post