How to configure response body of CORS error in Azure APIM Policy
I am using Azure API Management. And I added the CORS policy to my inbound section.
I noticed that I am getting a 200 status code and empty response body when the origin is not in the allowed-origin, e.g. if my origin header is https://google.com. That is due to the behaviour of terminate-unmatched-request.
However, I don't want the response body to be empty. I want my response body to return {"msg":"COR issue"}.What should i do? I know there are similar questions out there but Ican't find any working solution so far.
<cors allow-credentials="false" terminate-unmatched-request="true">
<allowed-origins>
<origin>https://happygamer.com</origin>
</allowed-origins>
<allowed-methods>
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
Solution
Use the given policy to get the response body and status code as well for CORS errors.
<policies>
<inbound>
<cors allow-credentials="false" terminate-unmatched-request="true">
<allowed-origins>
<origin>https://happygamer.com</origin>
</allowed-origins>
<allowed-methods>
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<choose>
<when condition="@(context.Request.Headers.GetValueOrDefault("Origin") != null && context.Request.Headers.GetValueOrDefault("Origin") != "https://happygamer.com")">
<return-response>
<set-status code="403" reason="Forbidden" />
<set-header name="Content-Type" exists-action="override">
<value>application/json</value>
</set-header>
<set-body>{"msg":"CORS issue"}</set-body>
</return-response>
</when>
</choose>
</inbound>
</policies>
Output-
- Migrating from validate-jwt to validate-azure-ad-token policy
- Getting a 404 error when I try to debug a policy using Azure APIM management extension in Visual Studio Code
- How do I set scope in Azure API Manager (APIM) when using D_application_id
- SSL/TLS error on exposing Fuction App in API Management
- Curly brace literals in an Azure APIM variable expression
- Azure APIM: Identifying the API resource id from the portal
- HTTP/1.1 401 Unauthorized - Developer portal
- Azure Management REST API - "Authentication failed. The 'Authorization' header is provided in an invalid format."
- Static IP address in Azure API management Service
- API Management OAuth 2.0 configuration issue
- Unable to delete API testapi. There is a chance it was deleted, please try to refresh
- Azure APIM missing subscription key error on single api call of larger set
- APIM policy IF/When policy
- Entity with specified identifier not found when applying policy on API operation with Bicep in Azure API Management
- How to configure response body of CORS error in Azure APIM Policy
- Server error occured while using B2C on Azure API Management Develop portal
- How to get Project Name, Release Name, Release Date, Release Changes (Commit Message) From Azure Release APIs
- How to call an Azure OpenAI service which is behind an API Management instance?
- Streaming response is not working in Azure APIM
- PowerShell to get Azure API report?
- REST API service when called from azure APIM returning empty response body with Status code 200
- Why I don't have the sub-menu for Azure Monitor Logs in API Management?
- Cannot login to Azure API Management Developer Portal with AAD
- APIM developer portal test console does not show gateway custom domains
- Azure AD Graph API or Powershell Graph: Gathering all the assigned roles that are associated to a group
- Why does Azure Self-hosted agent receive Connection refused error when connecting with EventHubs?
- Terraform AzureRM Not working to create api managment (APIM) backend ValidationError
- Default version for API Management
- How do I conditionally restrict API Endpoint Access based on Audience ID?
- restrict requests to storage account container based on blob name via request header using APIM policy