How to configure response body of CORS error in Azure APIM Policy
I am using Azure API Management. And I added the CORS policy to my inbound section.
I noticed that I am getting a 200 status code and empty response body when the origin is not in the allowed-origin, e.g. if my origin header is https://google.com. That is due to the behaviour of terminate-unmatched-request.
However, I don't want the response body to be empty. I want my response body to return {"msg":"COR issue"}.What should i do? I know there are similar questions out there but Ican't find any working solution so far.
<cors allow-credentials="false" terminate-unmatched-request="true">
<allowed-origins>
<origin>https://happygamer.com</origin>
</allowed-origins>
<allowed-methods>
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
Solution
Use the given policy to get the response body and status code as well for CORS errors.
<policies>
<inbound>
<cors allow-credentials="false" terminate-unmatched-request="true">
<allowed-origins>
<origin>https://happygamer.com</origin>
</allowed-origins>
<allowed-methods>
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<choose>
<when condition="@(context.Request.Headers.GetValueOrDefault("Origin") != null && context.Request.Headers.GetValueOrDefault("Origin") != "https://happygamer.com")">
<return-response>
<set-status code="403" reason="Forbidden" />
<set-header name="Content-Type" exists-action="override">
<value>application/json</value>
</set-header>
<set-body>{"msg":"CORS issue"}</set-body>
</return-response>
</when>
</choose>
</inbound>
</policies>
Output-
- API Management service - 2 APIs for same service
- How to log Azure APIM user in Application Insights
- Azure API Management service - getting the subscription key into Application Insights
- Bing Search API: Getting 401 Acces Denied error while using the right suscription key
- Azure Api Management append api to existing api with arm
- Configuration issue in azure api management service
- In a hybrid scenario, should APIM used for system to system Azure cloud to on-premises invocations?
- Why does the subscription key have product=<name> when I select a Product?
- How to using the generated token to authenticate the ADF REST API
- Validated Open API spec fails to upload on Azure API Management
- How to temporary stop Azure API Management Service
- How to specify rewrite url for query string parameters in Azure API Management
- Enabling minimum apiVersion to 2021-08-01 in Azure API Management causing saving issues or deployment errors for existing logic apps
- Migrating from validate-jwt to validate-azure-ad-token policy
- Getting a 404 error when I try to debug a policy using Azure APIM management extension in Visual Studio Code
- Apim (private endpoint) named value, keyvault secret 404
- How do I set scope in Azure API Manager (APIM) when using D_application_id
- SSL/TLS error on exposing Fuction App in API Management
- Curly brace literals in an Azure APIM variable expression
- Azure APIM: Identifying the API resource id from the portal
- HTTP/1.1 401 Unauthorized - Developer portal
- Azure Management REST API - "Authentication failed. The 'Authorization' header is provided in an invalid format."
- Static IP address in Azure API management Service
- API Management OAuth 2.0 configuration issue
- Unable to delete API testapi. There is a chance it was deleted, please try to refresh
- Azure APIM missing subscription key error on single api call of larger set
- APIM policy IF/When policy
- Entity with specified identifier not found when applying policy on API operation with Bicep in Azure API Management
- How to configure response body of CORS error in Azure APIM Policy
- Server error occured while using B2C on Azure API Management Develop portal