CODEWITHSUNDEEP
mulemule-studioanypoint-studiomulesoft
Sandeep Deshmukh
Sandeep Deshmukh

Reputation: 23

How to configure CORS in Mule 4 without using API manager?

We are trying to call the mule service from angular app and getting a CORS error.

Our project is having issues when we added the CORS interceptor in http config in global.xml.

<http:listener-config name="api-httpListenerConfig">
    <http:listener-connection host="${http.host}" port="${http.private.port}" />
<http:listener-interceptors>
        <http:cors-interceptor allowCredentials="true">
            <http:origins>
                <http:origin url="*" accessControlMaxAge="0">
                    <http:allowed-methods>
                        <http:method methodName="GET" />
                        <http:method methodName="POST" />
                        <http:method methodName="DELETE" />
                        <http:method methodName="OPTIONS" />
                        <http:method methodName="HEAD" />
                        <http:method methodName="PUT" />
                    </http:allowed-methods>
                     <http:allowed-headers>
                        <http:header headerName="X-Allow-Origin" />
                    </http:allowed-headers>
                </http:origin>
            </http:origins>
        </http:cors-interceptor>
    </http:listener-interceptors> 
</http:listener-config>

GET service should not be blocked by CORS policy in browser.

Upvotes: 0

Views: 2236

Answers (1)

Amaresh Kulkarni
Amaresh Kulkarni

Reputation: 326

API manager lets you keep gateway logic (CORS negotiation, authentication/authorization, traffic management etc. ) out of your Mule application. But if this is an internal app and does not really benefit with an API gateway, here is one way to handle CORS in the Mule application:

  1. Implement Options method in your API. This will have to be done independently on all the resources that the other origin will call or try (not sure of the possibility, especially with APIKitRouter in place) implementing options on a regex pattern to handle for all resources.
  2. Return the Access-Control-Allow-Origin header on the listener with the origins that are trying to access the request. Also add the appropriate Access-Control-Allow-Methods, and Access-Control-Allow-Origins headers with appropriate values.

The interceptor may be intended for the same purpose but trying it was unfruitful.

Upvotes: 2

Related Questions