Layer7 API Management

  • 1.  CORS Issue

    Posted May 04, 2018 07:16 AM

    Hi ,

     

    For CORS Preflight,when i use the CORS assertion,it is sending back Access-Control-Allow-Origin as a specific value.

    How can I change  Access-Control-Allow-Origin value as *.



  • 2.  Re: CORS Issue

    Posted May 04, 2018 08:27 AM

    Maybe I don't understand, but what's the point of using CORS if you want to allow any origin?



  • 3.  Re: CORS Issue

    Broadcom Employee
    Posted May 06, 2018 07:07 PM

    I agree "allow all" is too wide.

    But some times we don't really care about CORS, such as test env, or internal applications.

    We use CORS assertion is just because most modern browsers will block the connection if we don't use CORS assertion.



  • 4.  Re: CORS Issue

    Broadcom Employee
    Posted May 06, 2018 07:04 PM

    Dear Sonalee ,

    This can be configured on the properties of the CORS assertion.

    On the "Accepted Origins", if the options "Allow All" is selected, it will set Access-Control-Allow-Origin value as *.

    for more details, and sample code, please refer to, Process CORS Request Assertion - CA API Gateway - 9.2 - CA Technologies Documentation 

     

    Regards,
    Mark



  • 5.  Re: CORS Issue

    Posted May 08, 2018 05:17 AM

    Hi Mark,

     

    I have set it to Allow All but still the Access-Control-Allow-Origin value is not *.

     



  • 6.  Re: CORS Issue
    Best Answer

    Broadcom Employee
    Posted May 08, 2018 07:53 PM

    Dear Sonalee ,

    We may need to check your policy, it's better to open a support ticket to investigate further.

     

    Regards,

    Mark