Reputation: 832
Azure APIM: new Developer portal requires CORS to test the API
I'm trying to configure my API in Azure APIM so it can be called by the new Azure APIM Developer Portal (still in preview at the moment). When I try to call the API from the dev portal, I have an error telling me that I need to configure CORS to allow a call from the dev portal. I added the CORS policy to my API (with origin=*, for testing purposes) and I still have the same issue. Am I missing something?
Upvotes: 0
Views: 2206
Answers (3)
Reputation: 832
Here is the exact policy that should be applied:
<cors>
<allowed-origins>
<origin>*</origin>
</allowed-origins>
<allowed-methods>
<method>GET</method>
<method>POST</method>
<method>PUT</method>
<method>DELETE</method>
<method>HEAD</method>
<method>OPTIONS</method>
<method>PATCH</method>
<method>TRACE</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
Source: https://github.com/Azure/api-management-developer-portal/issues/290#issuecomment-551088484
Upvotes: 1
Reputation: 5222
I did this at the all API operations level and had to include 'Access-Control-Allow-Origin' header.
<cors allow-credentials="true">
<allowed-origins>
<origin>*YourDomain*</origin>
</allowed-origins>
<allowed-methods>
<method>GET</method>
<method>POST</method>
</allowed-methods>
<allowed-headers>
<header>Ocp-Apim-Subscription-Key</header>
<header>Access-Control-Allow-Origin</header>
<header>Content-Type</header>
</allowed-headers>
</cors>
Upvotes: 1
Reputation: 104
You may want to adjust it, but this should do the trick:
<cors>
<allowed-origins>
<origin>*</origin>
</allowed-origins>
<allowed-methods>
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
Upvotes: 2
Related Questions
- How configure Azure API Management for CORS
- CORS Preflight request not working with Azure API Management
- Azure API Management CORS Issue
- Unable to send test requests to backend APIs using the Azure APIM interactive portal
- Azure APIM getting CORS error on API Post method
- Azure API Management Services updating CORS to allow OPTIONS
- Failed to call APIs from web page behind Azure APIM due to CORS issues
- Azure API Management CORS: Why do I get "Headers starting with 'Access-Control-' were removed..."
- CORS for Azure APIM only working when set on operations and not on product level
- Azure API Management doesn't send CORS header on 4xx