Yes, you can disable CORS from the attribute in api-manager.xml If you do so it will disable CORS for all the APIs served by the API Gateway
Thanks & Regards, Ishara Cooray Senior Software Engineer Mobile : +9477 262 9512 WSO2, Inc. | http://wso2.com/ Lean . Enterprise . Middleware On Mon, Jun 25, 2018 at 3:16 PM, shibsankar <src...@gmail.com> wrote: > any comments to this? > > *If this is not doable* , Can I disable WSO2 CORS? I see an enabled/ > disabled cors configuration in api-managers.xml (*screenshot attached*). > Does CORS disabled works? > > > Regards > Shib > > On Mon, Jun 25, 2018 at 1:10 PM, shibsankar <src...@gmail.com> wrote: > >> Okay. >> >> I tried with setting the 'content-type' header to >> 'application/x-www-form-urlencoded' and make the call. >> >> still received same error. >> >> also tried allowing 9443 for this and make this call . >> >> still received same error. >> >> *Please see the error message attached.* >> >> Regards >> Shib >> >> >> >> >> >> On Mon, Jun 18, 2018 at 8:36 AM, Prakhash Sivakumar <prakh...@wso2.com> >> wrote: >> >>> >>> >>> On Fri, Jun 15, 2018 at 5:21 PM Farasath Ahamed <farasa...@wso2.com> >>> wrote: >>> >>>> >>>> >>>> On Thu, Jun 14, 2018 at 3:32 PM, shibsankar <src...@gmail.com> wrote: >>>> >>>>> *grant_type=password.* >>>>> >>>>> >>>>> >>>>> For your convenience, I am providing the Angular JS relevant code >>>>> >>>>> >>>>> *// from Angular Controller js* >>>>> >>>>> var dataObj="grant_type=password&username=xxxxxxxxx&password=xxx >>>>> xxxxxx&scope=openid"; >>>>> >>>>> Service.callTokenAPI(dataObj) >>>>> .then(function onSuccess(response) { >>>>> console.log("Success"); >>>>> console.log("result #### = " + JSON.stringify(response)); >>>>> }, function onFailure(error) { >>>>> console.log("failure"); >>>>> }); >>>>> >>>>> >>>>> >>>>> *//from Service.js* >>>>> >>>>> var callTokenAPI = function (dataObj) { >>>>> console.log("Call server dataObj =" + angular.toJson(dataObj)); >>>>> var secret=clientKey+":"+clientPass; >>>>> var base64Encoded= btoa(secret); >>>>> console.log("base64Encoded="+base64Encoded); >>>>> return $http({ >>>>> url: tokenAPI, >>>>> method: 'POST', >>>>> data: dataObj, >>>>> headers: { "Content-Type": "application/json;charset=utf-8" >>>>> ,"Authorization":base64Encoded} >>>>> }); >>>>> }; >>>>> >>>>> >>>> Can you try setting the 'content-type' header to >>>> 'application/x-www-form-urlencoded'? (Check [1]) >>>> >>>> [1] https://security.stackexchange.com/questions/187311/why- >>>> cors-preflight-is-not-available-for-post-requests-when- >>>> content-type-is-appli/187312#187312 >>>> >>> >>> This should work. Also I think the reason for your observation is when >>> adding CORS related configs in tokenapi.xml and revokeapi.xml files, the >>> CORS allowing is not getting applied for the inbound and outbound requests >>> which uses 8280 and 8243 ports, just to confirm can you please try allowing >>> 9443 for this and make this call ? >>> >>>> >>>> >>>>> >>>>> When I run this I am getting CORS error screenshot shared earlier. >>>>> >>>>> Regards >>>>> Shib >>>>> >>>>> >>>>> On Thu, Jun 14, 2018 at 3:00 PM, Rushmin Fernando <rush...@wso2.com> >>>>> wrote: >>>>> >>>>>> Could you please let us know the grant type you are using here. I >>>>>> would like to know whether this is a valid use case. >>>>>> >>>>>> On Thu, Jun 14, 2018 at 2:54 PM shibsankar <src...@gmail.com> wrote: >>>>>> >>>>>>> Yes. I get same CORS error with the correct endpoint, which is */* >>>>>>> *token* >>>>>>> >>>>>>> screenshot attached. >>>>>>> >>>>>>> Regards >>>>>>> Shib >>>>>>> >>>>>>> On Thu, Jun 14, 2018 at 2:42 PM, Rushmin Fernando <rush...@wso2.com> >>>>>>> wrote: >>>>>>> >>>>>>>> In the console logs, it says */toekn, *which is wrong spellings. >>>>>>>> >>>>>>>> Do you get the same CORS error with the correct endpoint, which is >>>>>>>> */**token *? >>>>>>>> >>>>>>>> On Thu, Jun 14, 2018 at 2:26 PM shibsankar <src...@gmail.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> I am receiving CORS Error when I call the WSO2 token API from >>>>>>>>> Angular JS application. >>>>>>>>> >>>>>>>>> How do you fix this? >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> Shib(9831418066) >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Dev mailing list >>>>>>>>> Dev@wso2.org >>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Best Regards* >>>>>>>> >>>>>>>> *Rushmin Fernando* >>>>>>>> *Technical Lead* >>>>>>>> >>>>>>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware >>>>>>>> >>>>>>>> mobile : +94775615183 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> *Best Regards* >>>>>> >>>>>> *Rushmin Fernando* >>>>>> *Technical Lead* >>>>>> >>>>>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware >>>>>> >>>>>> mobile : +94775615183 >>>>>> >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> Dev@wso2.org >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Farasath Ahamed >>>> Senior Software Engineer, WSO2 Inc.; http://wso2.com >>>> Mobile: +94777603866 >>>> Blog: blog.farazath.com >>>> Twitter: @farazath619 <https://twitter.com/farazath619> >>>> <http://wso2.com/signature> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Dev mailing list >>>> Dev@wso2.org >>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>> >>> >>> >>> -- >>> Prakhash Sivakumar >>> Senior Software Engineer | WSO2 Inc >>> Platform Security Team >>> Mobile : +94771510080 >>> Blog : https://medium.com/@PrakhashS >>> >> >> > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev