How to implements CORS in API Gateway?

juan.villalon · August 17, 2022, 5:05pm

I’m having problems how to implements CORS policy into an API of API Gateway, the software AG documentation isn’t clear how to use and what will be parameters, for example if I want to restrict access for example by method.

Also, the documentation said about check one property:

If you want to apply this policy in API Gateway at API level, make sure you have set the watt.server.cors.enabled property to false.

But the problem is that property don’t see in my API Gateway:

So, I don’t how to apply this policy in API Level of it is a bug?

The version is API Gateway 10.12.0.1

The instance is a production instance.

Thanks.

Christoph_Souris · August 18, 2022, 7:28am

I presume this is an on-premise installation.

Are these all the keys you can see under “Show and hide keys”? That should be more.
Have you tried logging onto the Integration Server console (same machine, port 5555) and check the keys there? Under Settings > Extended you have access to the full list of extended settings.

Cheers, Christoph

reamon · August 18, 2022, 2:58pm

As @Christoph_Souris notes, you can select additional keys to view via the Show and hide keys.

That said, you likely don’t need to configure this at the server level. Instead, configure CORS for the API of interest using the Response Processing policy. In that you can specify the allowed origins, headers, credentials and methods.

A note of caution – the way one specifies the list of allowed headers, etc. in the policy differs from how it is specified in the server level config. For server level config it accepts a comma-delimited list. The policy needs to have each entry on its own – click the Add button multiple times, don’t enter a delimited list.

juan.villalon · August 18, 2022, 9:02pm

This is version is a SaaS (Cloud), so in the documentation talks about validate an specific watt propertie,

If you want to apply this policy in API Gateway at API level, make sure you have set the watt.server.cors.enabled property to false

but the problem it’s we can’t see that property in list of properties; so for example i’m trying to understand how to use CORS policy, for example whether want to block some method (GET) of my API is it possible with CORS policy?

Thanks

Christoph_Souris · August 19, 2022, 5:57am

If you are using the webMethods.io API cloud, this is the documentation to use:

https://docs.webmethods.io/api/10.5.0/webmethods_api_cloud__api_gateway_user_s_guide/chapter5/#cors

You don’t need to set this extended setting there. Also, CORS is for the entire API, you can’t just have this for a single method or resource.
Maybe split the resources into two APIs? CORS/Non-CORS?

system · February 15, 2023, 5:57am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Adding CORS to a Single API in webMethods API Gateway using Response Processing webMethods , API-Management , API-Portal , API-Gateway	3	1278	October 9, 2023
CORS Issue for getAccessToken webMethods , API-Management , API-Portal , API-Gateway	6	936	February 3, 2024
How to change the timeout of an HTTP request at the API level instead of changing it globally? webMethods , API-Management , API-Gateway	12	11466	March 27, 2023
API Gateway Auth using MWS LDAP config webMethods , MWS-CAF-Task-Engine , Integration-Server-and-ESB , API-Management , API-Gateway	6	1003	February 20, 2023
Best mechanism to expose wM.io Integration assets to wM.io API Gateway webMethods , webMethods-io-Integration , webMethods-cloud	13	1093	May 25, 2024

How to implements CORS in API Gateway?

Related topics