This documentation is for WSO2 API Manager 1.9.0. View documentation for the latest release.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: WSODOCINTERNAL-615

...

Code Block
languagexml
titleCORS configurations in api-manager.xml
 <CORSConfiguration>
    <Enabled>true</Enabled>
    <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
    <Access-Control-Allow-Methods>GET,PUT,POST,DELETE,OPTIONS</Access-Control-Allow-Methods>
    <Access-Control-Allow-Headers>tenant, enterprise, authorization, Access-Control-Allow-Origin, Content-Type, SOAPAction</Access-Control-Allow-Headers>
</CORSConfiguration>
Note

This configuration is only valid for APIs created through the API manager Publisher application. All the other Oauth token related APIs (/authorize, /revoke, /token, /userinfo) are not affected from this. To enable CORS configuration to these APIs as well, see "Enabling CORS for Oauth Token related APIs".

Next, let's see how to add the two headers as parameters to the API Console.

Include Page
APIMShared:Include Additional Headers in the API Console
APIMShared:Include Additional Headers in the API Console

Anchor
EnableCORSForOauthTokenApis
EnableCORSForOauthTokenApis
Enabling CORS for Oauth Token related APIs

Enabling CORS configuration through api-manager.xml is only valid for APIs created through the API manager Publisher application. Hence enabling CORS for Oauth token related APIs (/authorize, /revoke, /token, /userinfo) can be carried out as follows. 

Based on the API that you need to enable CORS, add the following handler configuration to the relevant API synapse file present in <APIM_HOME>/repository/deployment/server/synapse-configs/default/apifolder. It should be added within the <handlers> parent element.

Code Block
languagexml
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
    <property name="inline" value="ENDPOINT"/>
</handler>

The following are the mappings of the synapse files corresponding to the Oauth token related APIs.

Endpoint
Synapse configuration
/authorize_AuthorizeAPI_.xml
/revoke_RevokeAPI_.xml
/token_TokenAPI_.xml
/userinfo_UserInfoAPI_.xml