Hi Erico, According to your API definition, You had define POST only as a Resource in API. Therefore OPTIONS request which pre-flight request didn't get the headers set on API. Could you please try following documentation an see if your issue could get resolves. [1] - https://docs.wso2.com/display/EI660/Generating+an+API+using+Swagger
On Thu, Mar 19, 2020 at 8:45 AM Érico <[email protected]> wrote: > Hello > Please, I am facing an issue with CORS > My client is an angular 8 app calling an API with the following code: > > <api xmlns="http://ws.apache.org/ns/synapse"; name="tenantsApi" > context="/tenants"> > <resource methods="GET" uri-template="/tenants"> > <inSequence> > <log level="full"/> > <payloadFactory media-type="xml" description="createSOAPBody"> > <format> > <soap:Envelope xmlns:soap=" > http://www.w3.org/2003/05/soap-envelope"; xmlns:ser=" > http://services.mgt.tenant.carbon.wso2.org";> > <soap:Header/> > <soap:Body> > <ser:retrieveTenants/> > </soap:Body> > </soap:Envelope> > </format> > <args/> > </payloadFactory> > <header name="Action" scope="default" > value="urn:retrieveTenants"/> > <property name="username" value="admin" scope="default" > type="STRING"/> > <property name="password" value="admin" scope="default" > type="STRING"/> > <property name="credentials" > expression="fn:concat($ctx:username,':',$ctx:password)" scope="default" > type="STRING"/> > <property xmlns:ns="http://org.apache.synapse/xsd"; > name="Authorization" expression="fn:concat('Basic ', > base64Encode($ctx:credentials))" scope="transport" type="STRING"/> > <property name="Access-Control-Allow-Origin" value="*" > scope="transport" type="STRING"/> > <property name="Access-Control-Allow-Credentials" value="true" > scope="transport" type="STRING"/> > <property name="Access-Control-Allow-Methods" > value="GET,PUT,POST,DELETE,PATCH,OPTIONS" scope="transport" type="STRING"/> > <property name="Access-Control-Allow-Headers" > value="Authorization,Origin,X-Requested-With,Accept,Content-Type" > scope="transport" type="STRING"/> > <call> > <endpoint> > <address uri=" > https://localhost:9443/services/TenantMgtAdminService.TenantMgtAdminServiceHttpsSoap12Endpoint"; > format="soap11"/> > </endpoint> > </call> > <property name="messageType" value="application/json" > scope="axis2" type="STRING" description="Set to JSON media type"/> > <respond/> > </inSequence> > <property name="Access-Control-Allow-Origin" value="*" > scope="transport" type="STRING"/> > <property name="Access-Control-Allow-Credentials" value="true" > scope="transport" type="STRING"/> > <property name="Access-Control-Allow-Methods" > value="GET,PUT,POST,DELETE,PATCH,OPTIONS" scope="transport" type="STRING"/> > <property name="Access-Control-Allow-Headers" > value="Authorization,Origin,X-Requested-With,Accept,Content-Type" > scope="transport" type="STRING"/> > <outSequence/> > </resource> > </api> > > In can successfully test the API in Postman > > But in my angular app I'm getting the error: > > Access to XMLHttpRequest at 'http://localhost:8280/tenants/all' from > origin 'http://localhost:3000' has been blocked by CORS policy: Response > to preflight request doesn't pass access control check: No > 'Access-Control-Allow-Origin' header is present on the requested resource. > > > > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- *Tharindu Dharmarathna*Technical Lead WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: *+94779109091*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
