...
- Open the `<API-M_HOME>/repository/conf/api-manager.xml` file. Locate the following configuration and set the `<Enabled>` element to `true`, with the required CORS headers in the response. Once this configuration is applied in the API Gateway, it affects all the API calls served by the Gateway.

  ```xml
  <!-- Configuration to enable/disable sending CORS headers in the Gateway response
       and define the Access-Control-Allow-Origin header value. -->
  <CORSConfiguration>
      <!-- Configuration to enable/disable sending CORS headers from the Gateway -->
      <Enabled>true</Enabled>
      <!-- The value of the Access-Control-Allow-Origin header. Default values are
           API Store addresses, which is needed for swagger to function. -->
      <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
      <!-- Configure Access-Control-Allow-Methods -->
      <Access-Control-Allow-Methods>GET,PUT,POST,DELETE,PATCH,OPTIONS</Access-Control-Allow-Methods>
      <!-- Configure Access-Control-Allow-Headers -->
      <Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction</Access-Control-Allow-Headers>
      <!-- Configure Access-Control-Allow-Credentials -->
      <!-- Specifying this header to true means that the server allows cookies (or other
           user credentials) to be included on cross-origin requests. It is false by
           default and if you set it to true then make sure that the
           Access-Control-Allow-Origin header does not contain the wildcard (*) -->
      <Access-Control-Allow-Credentials>false</Access-Control-Allow-Credentials>
  </CORSConfiguration>
  ```
Info: By default, the CORS configuration is enabled. To control access, change the parameters described above in the `api-manager.xml` file.
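The configuration comment above warns against setting `Access-Control-Allow-Credentials` to `true` while `Access-Control-Allow-Origin` contains the wildcard; the following audit script checks a configuration file for that combination. It is an added example, not part of the product or its documentation, and the `<Wrapper>` root element, the `https://store.example.com` origin and the comma-separated handling of multiple origins are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed input: the page's <CORSConfiguration> block inside a made-up
# wrapper element, with the values under test left as parameters.
TEMPLATE = """<Wrapper>
  <CORSConfiguration>
    <Enabled>{enabled}</Enabled>
    <Access-Control-Allow-Origin>{origin}</Access-Control-Allow-Origin>
    <Access-Control-Allow-Methods>GET,PUT,POST,DELETE,PATCH,OPTIONS</Access-Control-Allow-Methods>
    <Access-Control-Allow-Credentials>{credentials}</Access-Control-Allow-Credentials>
  </CORSConfiguration>
</Wrapper>"""

def _local(tag):
    """Drop any '{namespace}' prefix so the lookup works with or without one."""
    return tag.rsplit("}", 1)[-1]

def audit_cors(xml_text):
    """Return (severity, message) findings for the CORSConfiguration block."""
    root = ET.fromstring(xml_text)
    cors = next((e for e in root.iter() if _local(e.tag) == "CORSConfiguration"), None)
    if cors is None:
        return [("info", "no <CORSConfiguration> element found")]
    cfg = {_local(child.tag): (child.text or "").strip() for child in cors}
    if cfg.get("Enabled", "").lower() != "true":
        return [("info", "<Enabled> is not true; header values not evaluated")]
    # Assumption: several origins, if present, are comma-separated.
    origins = [o.strip() for o in cfg.get("Access-Control-Allow-Origin", "").split(",")]
    credentials = cfg.get("Access-Control-Allow-Credentials", "false").lower() == "true"
    findings = []
    if "*" in origins and credentials:
        findings.append(("error", "Allow-Credentials is true but Allow-Origin contains '*'"))
    elif "*" in origins:
        findings.append(("warn", "Allow-Origin '*' applies to every API call served by the Gateway"))
    return findings

if __name__ == "__main__":
    # The page's shipped values, the combination its comment warns about,
    # and a constructed explicit origin with credentials enabled.
    for origin, creds in [("*", "false"), ("*", "true"), ("https://store.example.com", "true")]:
        xml_text = TEMPLATE.format(enabled="true", origin=origin, credentials=creds)
        print(origin, creds, audit_cors(xml_text))
```

The values shown on this page (`*` with credentials `false`) produce a warning only; the error is raised when credentials are switched on without replacing the wildcard.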