Open Sarangan0219 opened 3 years ago
@isharac, please clarify because it looks like you have made this change.
The APIM 4.0.0 gateway is no longer proxying the identity endpoints. Therefore we cannot enable CORS for the endpoints using XML files, so the invalid content was removed from the 4.0.0 docs space. We need to refer to the IDP documentation to find out how to do it.
Hi Team,
Even though the CORS configuration was added using the documentation[1] with APIM-4.2.0, I was still getting the following error.
Access to XMLHttpRequest as 'https://localhost:9445/oauth2/token' from origin 'http://localhost:3001' has been
blocked by CORS policy: Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
I was able to get it working by referring to SOF[1] by adding
<bean id="cors-filter" class="org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter">
    <property name="allowHeaders">
        <list>
            <value>Authorization</value>
            <value>X-WSO2-Tenant</value>
            <value>content-type</value>
        </list>
    </property>
    <property name="exposeHeaders">
        <list>
            <value>Content-Disposition</value>
        </list>
    </property>
    <property name="allowCredentials" value="true" />
    <property name="allowOrigins" value="http://localhost:3000"/>
</bean>
as another bean along with the others and
<ref bean="cors-filter" />
under the <jaxrs:providers> tag in the
Hi All,
When trying this out with APIM-4.2.0 (U26), a similar behaviour was observed related to CORS. As per the docs, to enforce CORS for the 'token' endpoint, the documentation[1] under the IS doc space is pointed to.
But with the suggested configurations it was not possible to allow selected origins in APIM-4.2.0. During the analysis, it was observed that it is required to add the following valve under catalina-server.xml to use the CORS configurations:
<Valve className="org.wso2.carbon.identity.cors.valve.CORSValve"/>
But the relevant class was not there in APIM-4.2.0, so the corresponding jar, 'org.wso2.carbon.identity.cors.mgt.core_5.23.8.jar', had to be added to the APIM server, and with these two changes it was possible to use the following configuration effectively in APIM-4.2.0:
[cors]
allow_generic_http_requests = true
allow_any_origin = false
...
Kindly have a look at this pointed scenario.
Best Regards, Janith.
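To check a CORS change against the token endpoint without a browser, the preflight decision behind the error quoted earlier in this thread can be approximated in a few lines. This is an added example, not code from WSO2 or from any commenter; `checkPreflight`, `parseList` and all sample header values are constructed for illustration.

```javascript
// Added example: approximates the browser's preflight check (Fetch standard).
// Method checks are omitted: the token endpoint is called with POST, a safelisted method.

function parseList(value) {
  return (value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// request: { origin, withCredentials, requestHeaders }, where requestHeaders are the
// names the browser sends in Access-Control-Request-Headers.
// responseHeaders: plain object holding the headers of the OPTIONS response.
function checkPreflight(request, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = String(v).trim();
  const problems = [];

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    problems.push("no Access-Control-Allow-Origin header");
  } else if (allowOrigin === "*") {
    if (request.withCredentials) problems.push("wildcard origin not accepted with credentials");
  } else if (allowOrigin !== request.origin) {
    // Compared as an exact string: scheme, host and port must all match.
    problems.push(`origin mismatch: allowed ${allowOrigin}, requested ${request.origin}`);
  }

  if (request.withCredentials && h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials is not 'true'");
  }

  const allowed = parseList(h["access-control-allow-headers"]);
  // "*" covers header names only for non-credentialed requests, and never Authorization.
  const wildcard = allowed.includes("*") && !request.withCredentials;
  for (const name of request.requestHeaders.map((n) => n.toLowerCase())) {
    if (allowed.includes(name)) continue;
    if (wildcard && name !== "authorization") continue;
    problems.push(`request header not allowed: ${name}`);
  }
  return problems;
}

// Constructed sample modelled on the cors-filter values quoted in this thread.
const sampleResponse = {
  "Access-Control-Allow-Origin": "http://localhost:3000",
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Headers": "Authorization, X-WSO2-Tenant, content-type",
};
const sampleRequest = { origin: "http://localhost:3000", withCredentials: true, requestHeaders: ["authorization"] };
console.log(checkPreflight(sampleRequest, sampleResponse));
```

Feed it the headers returned by an `OPTIONS` request to the token endpoint; an empty array means the preflight would pass for that origin.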
Description:
The "Enabling CORS for OAuth Token related Endpoints" doc points to the IS CORS doc to perform the intended configuration. But in the IS doc there is no information related to enabling CORS for OAuth token-related endpoints.
Is there any reason to remove this content from this section and point to the IS docs?
Affected Version:
APIM 4.0.0