For CORS Preflight,when i use the CORS assertion,it is sending back Access-Control-Allow-Origin as a specific value.
How can I change Access-Control-Allow-Origin value as *.
Maybe I don't understand, but what's the point of using CORS if you want to allow any origin?
I agree "allow all" is too wide.
But some times we don't really care about CORS, such as test env, or internal applications.
We use CORS assertion is just because most modern browsers will block the connection if we don't use CORS assertion.
Dear Sonalee ,
This can be configured on the properties of the CORS assertion.
On the "Accepted Origins", if the options "Allow All" is selected, it will set Access-Control-Allow-Origin value as *.
for more details, and sample code, please refer to, Process CORS Request Assertion - CA API Gateway - 9.2 - CA Technologies Documentation
I have set it to Allow All but still the Access-Control-Allow-Origin value is not *.
We may need to check your policy, it's better to open a support ticket to investigate further.