How to implements CORS in API Gateway?

I’m having problems how to implements CORS policy into an API of API Gateway, the software AG documentation isn’t clear how to use and what will be parameters, for example if I want to restrict access for example by method.

Also, the documentation said about check one property:

If you want to apply this policy in API Gateway at API level, make sure you have set the watt.server.cors.enabled property to false.

But the problem is that property don’t see in my API Gateway:

So, I don’t how to apply this policy in API Level of it is a bug?

The version is API Gateway 10.12.0.1

The instance is a production instance.

Thanks.

I presume this is an on-premise installation.

Are these all the keys you can see under “Show and hide keys”? That should be more.
Have you tried logging onto the Integration Server console (same machine, port 5555) and check the keys there? Under Settings > Extended you have access to the full list of extended settings.

Cheers, Christoph

As @Christoph_Souris notes, you can select additional keys to view via the Show and hide keys.

That said, you likely don’t need to configure this at the server level. Instead, configure CORS for the API of interest using the Response Processing policy. In that you can specify the allowed origins, headers, credentials and methods.

A note of caution – the way one specifies the list of allowed headers, etc. in the policy differs from how it is specified in the server level config. For server level config it accepts a comma-delimited list. The policy needs to have each entry on its own – click the Add button multiple times, don’t enter a delimited list.

This is version is a SaaS (Cloud), so in the documentation talks about validate an specific watt propertie,

If you want to apply this policy in API Gateway at API level, make sure you have set the watt.server.cors.enabled property to false

but the problem it’s we can’t see that property in list of properties; so for example i’m trying to understand how to use CORS policy, for example whether want to block some method (GET) of my API is it possible with CORS policy?

Thanks

If you are using the webMethods.io API cloud, this is the documentation to use:

https://docs.webmethods.io/api/10.5.0/webmethods_api_cloud__api_gateway_user_s_guide/chapter5/#cors

You don’t need to set this extended setting there. Also, CORS is for the entire API, you can’t just have this for a single method or resource.
Maybe split the resources into two APIs? CORS/Non-CORS?

1 Like