Forum Discussion

techstorm's avatar
techstorm
Copper Contributor
Jan 09, 2023

APIM CORS policy

We have CORS feature enabled API Gateway need to block / allow the Cross Origin requests
The CORS feature can be enabled for a resource or endpoint with the following features:

max age,sub domain matching,allowed headers,cookies allowed,domains,exposed headers

Need the api policy which will do the below followings :

(1) If an Cross Origin request is received for an endpoint with no CORS Enabled
Block the Cross Origin request with No 'Access-Control-Allow-Origin' error message

 

(2)If an Cross Origin request is received for an endpoint with CORS Enabled but not with the origin from one of the domains listed in the setup
Block the Cross Origin request with No 'Access-Control-Allow-Origin' error message

(3)If an Cross Origin request is received for an endpoint with CORS Enabled and all the settings for the CORS match with the CORS Request
The Cross Origin request is allowed by the gateway and processed

No RepliesBe the first to reply

Resources