Page History
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<CORSConfiguration>
<Enabled>true</Enabled>
<Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
<Access-Control-Allow-Methods>GET,PUT,POST,DELETE,OPTIONS</Access-Control-Allow-Methods>
<Access-Control-Allow-Headers>tenant, enterprise, authorization, Access-Control-Allow-Origin, Content-Type, SOAPAction</Access-Control-Allow-Headers>
</CORSConfiguration> |
| Note |
|---|
This configuration is only valid for APIs created through the API manager Publisher application. All the other Oauth token related APIs (/authorize, /revoke, /token, /userinfo) are not affected from this. To enable CORS configuration to these APIs as well, see "Enabling CORS for Oauth Token related APIs". |
Next, let's see how to add the two headers as parameters to the API Console.
| Include Page | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
Enabling CORS configuration through api-manager.xml is only valid for APIs created through the API manager Publisher application. Hence enabling CORS for Oauth token related APIs (/authorize, /revoke, /token, /userinfo) can be carried out as follows.
Based on the API that you need to enable CORS, add the following handler configuration to the relevant API synapse file present in <APIM_HOME>/repository/deployment/server/synapse-configs/default/api/ folder. It should be added within the <handlers> parent element.
| Code Block | ||
|---|---|---|
| ||
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
<property name="inline" value="ENDPOINT"/>
</handler> |
The following are the mappings of the synapse files corresponding to the Oauth token related APIs.
Endpoint | Synapse configuration |
|---|---|
| /authorize | _AuthorizeAPI_.xml |
| /revoke | _RevokeAPI_.xml |
| /token | _TokenAPI_.xml |
| /userinfo | _UserInfoAPI_.xml |
Overview
Content Tools
Activity