To implement CORS functionality in our gateway , we have mentioned few Accepted Header and Allowed Methods to Process CORS Request Assertion .
Is it possible to set those Accepted Header and Allowed Methods values in response headers? If yes please suggest me on how to implement.
And what is the purpose of variable.prefix in Process CORS Request Assertion . Can we extract specified details with it ?
Thanks in advance.
Good afternoon. The CORS assertion will set the Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Headers, and Access-Control-Max-Age headers when the Option HTTP method is used along with specified values in each of the tabs of the assertion during the pre-flight test.
As for the variable prefix, it is used to create a prefix to the following context variables that can be used in additional policy logic.
<prefix>.isPreflight Returns "true" if the request is a preflight request, otherwise returns "false".
Returns "true" if the request is a CORS request (contains the Origin header), otherwise returns "false".
Note: This variable always returns "true" if <prefix>.isPreflight is "true".
Stephen HughesDirector, CA Support