Layer7 API Management

Expand all | Collapse all

How to handle CORS in LAC

  • 1.  How to handle CORS in LAC

    Posted 10-21-2018 01:07 PM

    When we request to any function or Resource endpoint we get certain response headers as shown below

    I need to change this header.

    For Example, my function which is created in LAC only has a GET method than in the response header I should only have GET Method.

    Same for Access-Control-Allow-Origin we need to have a specific domain and not the "*".

    I have also seen the examples in response events which come with LAC5.0 in which we can customize the CORS, but how we can use them?

     

    What is the best practice to handle this?

     

     

    Thanks,

    Irfan



  • 2.  Re: How to handle CORS in LAC

    Posted 10-21-2018 09:33 PM

    Hello Irfan,

     

    The CORS handling in LAC 5.0 is explained here:

    https://docops.ca.com/ca-live-api-creator/5-0/en/developing-apis/extensibility/event-handlers#EventHandlers-HTTPOptionsEventHandlers

     

    It is necessary to code an EventHandler with Javascript but I found an example was provided in the LAC GUI.

     

    Cheers,

    Seiji



  • 3.  Re: How to handle CORS in LAC

    Posted 10-22-2018 01:57 AM

    Hi Seiji,

     

    We have tried the same in LAC5.0 but still i am facing the issue.

    I have added the example and change the req.resourceName with the my resource name which i am requesting but still am getting the same http header response with * in the Access-Control-Allow-Origin.

     

    Please guide me on this.

     

     

     

    Thanks,

    Irfan



  • 4.  Re: How to handle CORS in LAC

    Posted 10-22-2018 04:52 AM

    Hi Irfan,

     

    I'm sorry. I thought this example would be applicable to CORS headers in general but it was limited to "preflight" requests. It was explained in the Background section of the Context help as below:

     

    Example: Modify CORS Response
    Background
    Cross domain requests for resources in another domain triggers preflighted requests that first send an HTTP request with OPTIONS as the HTTP Method. This is done to determine whether the actual request is safe. For more information about CORS, see here

     

    I looked for any possibilities to rewrite the CORS headers but I couldn't find anything unfortunately.
    I'd like to suggest opening a support case with your detailed requirements.

     

    Best regards,
    Seiji