This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Only return supported methods in the "Access-Control-Allow-Methods" header

Posted on 09-19-2019 01:17 AM
michaelolsen
New Member
Reply posted on --/--/---- --:-- AM

Hi, is there any good way to return only the allowed methods in the "Access-Control-Allow-Methods" header? We are currently using the adding-cors-support-api-proxy policy, but it adds all methods.

We'd like our proxy to return the methods which have corresponding condition mappings

<Condition>
	(request.verb = "GET") AND (proxy.pathsuffix MatchesPath "/userinfo")
</Condition>

We are currently looking at implementing it by adding the methods trough assign message policies:

<Flow name="getUserInfo">
	<Description>Get user info</Description>
	<Request>
		<Step>
			<Name>amAddGetToSupportedMethods</Name>
		</Step>
	</Request>
	<Request>
		<Step>
			<Name>amAddPutToSupportedMethods</Name>
		</Step>
	</Request>
	<Condition>
  		(request.verb = "GET") AND (proxy.pathsuffix MatchesPath "/userinfo")
	</Condition>
	<Condition>
  		(request.verb = "PUT") AND (proxy.pathsuffix MatchesPath "/userinfo")
	</Condition>
</Flow>

Is there a better way of doing this?

Edit:

For clarification, we'd like to define the supported methods per endpoint and not for the entire proxy as the supported methods may vary from endpoint to endpoint within the same proxy.

1 4 357
Topic Labels
4 REPLIES 4
Top Solution Authors
View all