Reputation: 16871
How can I modify Azure API base policy without completely overwriting it?
In Azure API Management, I'm trying to modify the CORS policy for a single route within the API. The problem I'm having is that I can't figure out how to modify the BASE policy. Azure seems to simply override it with the new policy.
Simple BASE policy:
<policies>
<inbound>
<cross-domain>
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
</cross-domain>
<cors>
<allowed-origins>
<origin>*</origin>
</allowed-origins>
<allowed-methods>
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
</cors>
</inbound>
<backend>
<forward-request />
</backend>
<outbound>
</outbound>
</policies>
In the specific route, I want to modify the <cors> section to include one more policy, like this:
<policies>
<inbound>
<base />
<cors>
<expose-headers>
<header>Content-Disposition</header>
</expose-headers>
</cors>
</inbound>
</policies>
However, Azure wants to override the base CORS policy with this one. I can't find anything in the documentation about how to just modify/merge a policy rather than wholesale replacing it.
So, how would I inherit the base policy but just add this one additional <expose-headers> policy?
Upvotes: 2
Views: 2846
Answers (1)
Reputation: 7810
That is not possible at the moment. They way policies work is once request scope is defined (product, API and operation are matched) the policy is constructed by replacing all tags with a policy from the upper level. Resulting effective policy is just a flat list of statements that are executed one after another. In that sense you have no control over parent policy on lower level.
But you can always insert things before parent policy is executed. For that just place another fully specified CORS policy before tag and in resulting policy it will be executed first.
Having multiple CORS policies per effective policy is fine, they'll be executed one after another and first one that is capable of handling CORS call (origin, method, headers match) will take action.
Upvotes: 3
Related Questions
- Script policy in Azure API management
- Disable a Azure API Managment policy in the operation scope which is set in the product scope
- How to add policy to Product in Azure API Management
- Need to modify response using Azure APIM set-body policy
- Add policies to groups of operations in Azure APIM
- Change scope of Azure API Mgmt Subscription
- stop global level policy execution at operation level
- Update Azure API Management Configuration
- Azure API Management policy search-and-replace
- Create/update Product Policy via REST in Azure API Management