WSO2 Api Manger 3.0.0 Token API CORS issue with Angular Application
I have been using WSO2 API Manager 3.0.0 single node setup. I am facing the challenge of invocation of Token APIs ( available at https://host:port/token?grant_type=client_credentials) that are used to get the token. After checking few blogs I have identified a couple of files requires changes. Theses are-
Files: _TokenAPI_.xml and _RevokeAPI_.xml
Files Location: /usr/lib64/wso2/wso2am/3.0.0/repository/deployment/server/synapse-configs/default/api
I have made the changes as per the below code -
<handlers>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
<property name="apiImplementationType" value="ENDPOINT"/>
<property name="allowHeaders" value="authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction"/>
<property name="allowedOrigins" value="*"/>
<property name="AuthorizationHeader" value="Authorization"/>
<property name="allowedMethods" value="GET,PUT,POST,DELETE,PATCH,OPTIONS"/>
<property name="allowCredentials" value="true"/>
</handler>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
</handlers>
I am using Angular application to invoke the token API but the invocation is still not successful and causing CORS issue. I have also tried to remove Underscore( _ ) from file names and renamed them as TokenAPI.xml and RevokeAPI.xml but still no luck. Can you please assist.Below is the complete XML for
_TokenAPI_.xml
<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2AMTokenAPI_" context="/token">
<resource methods="POST" url-mapping="/*" faultSequence="_token_fault_">
<inSequence>
<property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
<property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
<send>
<endpoint>
<http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2/token">
<timeout>
<duration>60000</duration>
<responseAction>fault</responseAction>
</timeout>
</http>
</endpoint>
</send>
</inSequence>
<outSequence>
<send/>
</outSequence>
</resource>
<handlers>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
<property name="apiImplementationType" value="ENDPOINT"/>
<property name="allowHeaders" value="authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction"/>
<property name="allowedOrigins" value="*"/>
<property name="AuthorizationHeader" value="Authorization"/>
<property name="allowedMethods" value="GET,PUT,POST,DELETE,PATCH,OPTIONS"/>
<property name="allowCredentials" value="true"/>
</handler>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
</handlers>
</api>
[EDIT] My API Manager and Angular Application is running on different environment i.e. different virtual machines.
Solution
You can use the API gateway CORS handler
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
in token API as well. Once added your _TokenAPI_.xml file should look like below
<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2AMTokenAPI_" context="/token">
<resource methods="POST" url-mapping="/*" faultSequence="_token_fault_">
<inSequence>
<property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
<property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
<send>
<endpoint>
<http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2/token">
<timeout>
<duration>60000</duration>
<responseAction>fault</responseAction>
</timeout>
</http>
</endpoint>
</send>
</inSequence>
<outSequence>
<send/>
</outSequence>
</resource>
<handlers>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
<property name="apiImplementationType" value="ENDPOINT"/>
<property name="AuthorizationHeader" value="Authorization"/>
</handler>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
</handlers>
</api>
- I migrated my javascript client to another domain and now cross site call to php api are not sharing the same php session
- CORS - Response to preflight request doesn't pass access control check: It does not have HTTP ok status
- How do i allow a CORS requests in my google script?
- Are there any browsers that set the origin header to "null" for privacy-sensitive contexts?
- Android Webview: disable CORS
- Cors issue local xampp server and react frontend
- Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?
- Cross-Origin Resource Sharing on GitHub Pages
- CORS issue with NGinx and fetch react native
- Preflight request from React Client with ASP.NET Core backend blocked by CORS policy
- Testing CORs in SpringBootTest
- How to fix "CORS 502 Error" Preflight issue with Express backend on Railway and Vue.js frontend on Vercel?
- XMLHttpRequest cannot load XXX No 'Access-Control-Allow-Origin' header
- Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response
- JasperReports Server Bitnami Docker Image Running in Azure App Service Custom Web.xml
- Error: Cannot find module 'cors'
- Unable to find definition of mvc:cors
- Chrome NOT performing a preflight request
- XMLHttpRequest error in flutter web [Enabling CORS AWS API gateway]
- OPTIONS Request made to domain root (/) on ddev nginx throws a 405 - We see access.log but the request is not forwarded to index.php
- Using the 'integrity' attribute for script tags while avoiding CORS errors over the file-uri protocol
- Firebase https onCall function blocked by cors
- Why does express router get blocked by CORS but router routes do not?
- Handle Cors from lambda to cloudfront or s3
- SCORM issues with packages that load content from an external domain on a popup window
- Cors Error when calling microservice from Vue frontend application
- NestJS enable cors in production
- Can we not set Allowed Headers for Azure App Service?
- React axios request to node express app gets blocked by cors
- Understanding CORS