lonelearner

Reputation: 1837

How to configure response body of CORS error in Azure APIM Policy

I am using Azure API Management. And I added the CORS policy to my inbound section.

I noticed that I am getting a 200 status code and empty response body when the origin is not in the allowed-origin, e.g. if my origin header is https://google.com. That is due to the behaviour of terminate-unmatched-request.

However, I don't want the response body to be empty. I want my response body to return {"msg":"COR issue"}. What should I do? I know there are similar questions out there but I can't find any working solution so far.

    <cors allow-credentials="false" terminate-unmatched-request="true">
        <allowed-origins>
            <origin>https://happygamer.com</origin>
        </allowed-origins>
        <allowed-methods>
            <method>*</method>
        </allowed-methods>
        <allowed-headers>
            <header>*</header>
        </allowed-headers>
        <expose-headers>
            <header>*</header>
        </expose-headers>
    </cors>

Upvotes: 0

Views: 58

Answers (1)

Ikhtesam Afrin

Reputation: 6497

Use the given policy to get the response body and status code as well for CORS errors.

<policies>
    <inbound>
        <cors allow-credentials="false" terminate-unmatched-request="true">
            <allowed-origins>
                <origin>https://happygamer.com</origin>
            </allowed-origins>
            <allowed-methods>
                <method>*</method>
            </allowed-methods>
            <allowed-headers>
                <header>*</header>
            </allowed-headers>
            <expose-headers>
                <header>*</header>
            </expose-headers>
        </cors>
        <choose>
            <when condition="@(context.Request.Headers.GetValueOrDefault("Origin") != null && context.Request.Headers.GetValueOrDefault("Origin") != "https://happygamer.com")">
                <return-response>
                    <set-status code="403" reason="Forbidden" />
                    <set-header name="Content-Type" exists-action="override">
                        <value>application/json</value>
                    </set-header>
                    <set-body>{"msg":"CORS issue"}</set-body>
                </return-response>
            </when>
        </choose>
    </inbound>
</policies>

Output: (screenshot of the resulting response; image not reproduced)

Upvotes: 1
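As an added example (not code from the question or the answer), a small Python model of the contract the policy above is meant to enforce, handy as a unit test of the expected status, headers and body before touching the gateway; the allowlist, function names and sample origins are assumptions. It goes slightly beyond the policy: it canonicalises the Origin value, rejects the "null" origin, and covers the preflight OPTIONS case.

```python
import json
from urllib.parse import urlsplit

# Assumed allowlist, mirroring <allowed-origins> in the policy above.
ALLOWED_ORIGINS = {"https://happygamer.com"}
CORS_BODY = '{"msg":"CORS issue"}'


def normalize_origin(origin):
    """Canonicalise an Origin value to scheme://host[:port].

    Returns None for anything that is not a well-formed origin, including the
    literal "null" origin browsers send from sandboxed or file:// contexts.
    """
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or parts.username:
        return None
    default = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower()
    return f"{parts.scheme}://{host}" + (f":{port}" if port and port != default else "")


def handle(method, headers):
    """Decide the gateway response as (status, response_headers, body).

    Exact-match allowlisting means look-alikes such as
    https://happygamer.com.evil.example are rejected, not only https://google.com.
    """
    origin = headers.get("Origin")
    if origin is None:
        # No Origin header: same-origin or non-browser call, no CORS processing.
        return 200, {}, ""
    if normalize_origin(origin) not in ALLOWED_ORIGINS:
        return 403, {"Content-Type": "application/json"}, CORS_BODY
    # Echo the request's own Origin (never "*") and mark the response origin-dependent.
    cors = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if method == "OPTIONS" and "Access-Control-Request-Method" in headers:
        cors["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE"
        cors["Access-Control-Allow-Headers"] = headers.get("Access-Control-Request-Headers", "")
        return 204, cors, ""  # preflight response carries no body
    return 200, cors, json.dumps({"ok": True})
```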
