Layer7 API Management

  • 1.  CORS Failing in IE when passing 3 headers

    Posted Apr 10, 2018 10:22 AM

    I have HTTP GET/POST request where I need to pass 2 headers ( id and secret).Whenever I am trying access this resource from IE, it always fail with error message 

    SEC7123: Request header secret was not present in the Access-Control-Allow-Headers list.

    However this works perfectly fine when I am trying access from Mozilla/Chrome. Also if I pass only one header in place of 2, this request goes through.

     

    headers: {

                                                      'Content-Type':'application/x-www-form-urlencoded',

                                                      'Id': '**************************',                  

                                                      'Secret':'428******723989'

                                          }

     

    Can somebody help us ?



  • 2.  Re: CORS Failing in IE when passing 3 headers

    Posted Apr 17, 2018 04:37 AM

    Any body has got any idea on this issue ? Really appreciate is somebody can help me here...



  • 3.  Re: CORS Failing in IE when passing 3 headers
    Best Answer

    Posted Sep 24, 2018 03:16 PM

    I've been messing with this issue also and we've found a fix for it.

    CA API gateway will be returning multiple headers of Access-Control-Allow-Headers.

    IE will only process the first one, throwing an error when you're expecting multiple values as you described.

     

    Here's the fix:

    cors IE fix ca api



  • 4.  Re: CORS Failing in IE when passing 3 headers

    Posted Oct 10, 2018 12:59 PM

    This worked for me as well when I encountered the same issue. I was told by CA that they fixed this in 9.3, however I'm running 9.3 and it still seems to be an issue in IE 11. Using these assertions was the only way I could get around it. 



  • 5.  Re: CORS Failing in IE when passing 3 headers

    Posted Oct 12, 2018 08:22 AM

    Found same issue with CORS and IE 11. Thanks for the info !

     

    regards, Roberto 



  • 6.  RE: Re: CORS Failing in IE when passing 3 headers

    Posted Oct 23, 2019 04:29 PM

    cors.useMultiValuedHeaders

     

    Controls whether the Process CORS Request assertion uses multi-valued headers.

     

    Default: false

     

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-4/policy-assertions/assertion-palette/access-control-assertions/process-cors-request-assertion.html#concept.dita_b2bd3269b77dae921baebcdc736012b76c0f628a_ClusterProperties