...
Code Block |
---|
language | xml |
---|
title | CORS configurations in api-manager.xml |
---|
|
<CORSConfiguration>
<Enabled>true</Enabled>
<Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
<Access-Control-Allow-Methods>GET,PUT,POST,DELETE,PATCH,OPTIONS</Access-Control-Allow-Methods>
<Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction</Access-Control-Allow-Headers>
</CORSConfiguration> |
Note |
---|
This configuration is only valid for APIs created through the API manager Publisher application. All the other Oauth token related APIs (/authorize, /revoke, /token, /userinfo) are not affected from this. To enable CORS configuration to these APIs as well, see Enabling CORS for Oauth Token related APIs. |
Next, let's see how to add the header as a parameter to the API Console.
...
You have added SOAP parameters to the API Console and invoked a SOAP service using the API Console.
Enabling CORS configuration through api-manager.xml
is only valid for APIs created through the API manager Publisher application. Hence enabling CORS for Oauth token related APIs (/authorize, /revoke, /token, /userinfo) can be carried out as follows.
Based on the API that you need to enable CORS, add the following handler configuration to the relevant API synapse file present in <APIM_HOME>/repository/deployment/server/synapse-configs/default/api/
folder. It should be added within the <handlers>
parent element.
Code Block |
---|
|
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
<property name="apiImplementationType" value="ENDPOINT"/>
</handler> |
The following are the mappings of the synapse files corresponding to the Oauth token related APIs.
Endpoint | Synapse configuration |
---|
/authorize | _AuthorizeAPI_.xml |
/revoke | _RevokeAPI_.xml |
/token | _TokenAPI_.xml |
/userinfo | _UserInfoAPI_.xml |