...
Code Block | ||||
---|---|---|---|---|
| ||||
<CORSConfiguration> <Enabled>true</Enabled> <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin> <Access-Control-Allow-Methods>GET,PUT,POST,DELETE,PATCH,OPTIONS</Access-Control-Allow-Methods> <Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction</Access-Control-Allow-Headers> </CORSConfiguration> |
Note |
---|
This configuration is only valid for APIs created through the API manager Publisher application. All the other Oauth token related APIs (/authorize, /revoke, /token, /userinfo) are not effected from this. To enable CORS configuration to these APIs as well, see "Enabling CORS for Oauth Token related APIs". |
Next, let's see how to add the header as a parameter to the API Console.
...
You have added SOAP parameters to the API Console and invoked a SOAP service using the API Console.
Enabling CORS for Oauth Token related APIs
Enabling CORS configuration through api-manager.xml is only valid for APIs created through the API manager Publisher application. Hence enabling CORS for Oauth token related APIs (/authorize, /revoke, /token, /userinfo) can be carried out as follows.
Based on the API that you need to enable CORS, add the following handler configuration to the relevant API synapse file present in <APIM_HOME>/repository/deployment/server/synapse-configs/default/api/ folder. It should be added within the <handlers> parent element.
Code Block | ||
---|---|---|
| ||
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
<property name="apiImplementationType" value="ENDPOINT"/>
</handler> |
The following are the mappings of the synapse files corresponding to the Oauth token related APIs.
Endpoint | Synapse configuration |
---|---|
/authorize | _AuthorizeAPI_.xml |
/revoke | _RevokeAPI_.xml |
/token | _TokenAPI_.xml |
/userinfo | _UserInfoAPI_.xml |