Layer7 API Management

Expand all | Collapse all

CORS Issue

Jump to Best Answer
  • 1.  CORS Issue

    Posted 05-04-2018 07:16 AM

    Hi ,


    For CORS Preflight,when i use the CORS assertion,it is sending back Access-Control-Allow-Origin as a specific value.

    How can I change  Access-Control-Allow-Origin value as *.

  • 2.  Re: CORS Issue

    Posted 05-04-2018 08:27 AM

    Maybe I don't understand, but what's the point of using CORS if you want to allow any origin?

  • 3.  Re: CORS Issue

    Posted 05-06-2018 07:07 PM

    I agree "allow all" is too wide.

    But some times we don't really care about CORS, such as test env, or internal applications.

    We use CORS assertion is just because most modern browsers will block the connection if we don't use CORS assertion.

  • 4.  Re: CORS Issue

    Posted 05-06-2018 07:04 PM

    Dear Sonalee ,

    This can be configured on the properties of the CORS assertion.

    On the "Accepted Origins", if the options "Allow All" is selected, it will set Access-Control-Allow-Origin value as *.

    for more details, and sample code, please refer to, Process CORS Request Assertion - CA API Gateway - 9.2 - CA Technologies Documentation 



  • 5.  Re: CORS Issue

    Posted 05-08-2018 05:17 AM

    Hi Mark,


    I have set it to Allow All but still the Access-Control-Allow-Origin value is not *.


  • 6.  Re: CORS Issue
    Best Answer

    Posted 05-08-2018 07:53 PM

    Dear Sonalee ,

    We may need to check your policy, it's better to open a support ticket to investigate further.