Hi,

we have a datapower XB6201  software version 7.5.2.10.

We have an Angular app which creates http requests to GET and POST data. We use custom http headers to send an authorization token and user/pw info(for getting the OAuth authorization token).

Because the Angular app runs in a browser we have to handle CORS. CORS must be handled server side. The server must handle the preflight request which is sended by the browser.

Is it possible with a datapower component(I.e.  MPGW, WAF(web application firewall) to handle these preflight requests ?

And if so: How this configuration must be done ?  Any examples ?

Kind Regards

------------------------------
Bernard Pittens
Integration Engeneer
Sligro Foodgroup B.V.
Veghel
------------------------------

Hi Bernard, I am not in front of a DataPower box, but yes, in a MPGW service for example, in the processing policy, you would create a processing rule first to handle the OPTIONS method (preflight) the browser sends before the actual GET or POST. Such rule would have to reply back with the HTTP headers containing the operations your MPGW service supports. You may need to adjust your front side handler to allow the OPTIONS method, I don't recall if it is enabled by default.

------------------------------
Bruno R Neves
Integration Specialist
IBM
Tampa FL
------------------------------

Original Message:
Sent: 02-11-2019 02:29 PM
From: Bernard Pittens
Subject: Can datapower handle preflight or CORS request ?

Hi,

we have a datapower XB6201  software version 7.5.2.10.

We have an Angular app which creates http requests to GET and POST data. We use custom http headers to send an authorization token and user/pw info(for getting the OAuth authorization token).

Because the Angular app runs in a browser we have to handle CORS. CORS must be handled server side. The server must handle the preflight request which is sended by the browser.

Is it possible with a datapower component(I.e.  MPGW, WAF(web application firewall) to handle these preflight requests ?

And if so: How this configuration must be done ?  Any examples ?

Kind Regards

------------------------------
Bernard Pittens
Integration Engeneer
Sligro Foodgroup B.V.
Veghel
------------------------------

Hi Bruno,

Yes thanks, with an MPGW its possible. I have a working solution with some GatewayScript code.
This links is very detailed how to do this.

Processing CORS headers in datapower - IBM DataPower Gateways Forum

Ibm		remove preview
Processing CORS headers in datapower - IBM DataPower Gateways Forum developerWorks forums allow community members to ask and answer questions on technical topics. You can search forum titles, topics, open questions, and answered questions. You can easily see the forums that you own, are a member of, and are following. View this on Ibm >

------------------------------
Bernard Pittens
Integration Engeneer
Sligro Foodgroup B.V.
Veghel
------------------------------

Original Message:
Sent: 02-12-2019 02:48 AM
From: Bruno Rodrigues Neves
Subject: Can datapower handle preflight or CORS request ?

Hi Bernard, I am not in front of a DataPower box, but yes, in a MPGW service for example, in the processing policy, you would create a processing rule first to handle the OPTIONS method (preflight) the browser sends before the actual GET or POST. Such rule would have to reply back with the HTTP headers containing the operations your MPGW service supports. You may need to adjust your front side handler to allow the OPTIONS method, I don't recall if it is enabled by default.

------------------------------
Bruno R Neves
Integration Specialist
IBM
Tampa FL

Original Message:
Sent: 02-11-2019 02:29 PM
From: Bernard Pittens
Subject: Can datapower handle preflight or CORS request ?

Hi,

we have a datapower XB6201  software version 7.5.2.10.

We have an Angular app which creates http requests to GET and POST data. We use custom http headers to send an authorization token and user/pw info(for getting the OAuth authorization token).

Because the Angular app runs in a browser we have to handle CORS. CORS must be handled server side. The server must handle the preflight request which is sended by the browser.

Is it possible with a datapower component(I.e.  MPGW, WAF(web application firewall) to handle these preflight requests ?

And if so: How this configuration must be done ?  Any examples ?

Kind Regards

------------------------------
Bernard Pittens
Integration Engeneer
Sligro Foodgroup B.V.
Veghel
------------------------------

I added this stylesheet for CORS in my flow. wherever it is needed error or response

<xsl:template match="/">
<dp:set-http-response-header name="'Access-Control-Allow-Origin'" value="'*'"/>
<dp:set-http-response-header name="'Access-Control-Allow-Credentials'" value="'true'"/>
<xsl:if test="normalize-space(dp:variable('var://service/protocol-method')) = 'OPTIONS'">
<dp:set-http-response-header name="'Access-Control-Allow-Methods'" value="'POST,GET,PUT,OPTIONS'"/>
<dp:set-http-response-header name="'Access-Control-Allow-Headers'" value="dp:http-request-header('Access-Control-Request-Headers')"/>
<dp:set-variable name="'var://service/error-protocol-response'" value="'200'"/>
<dp:set-variable name="'var://service/error-protocol-reason-phrase'" value="'OK'"/>
</xsl:if>
</xsl:template>

------------------------------
Babu K
------------------------------

Original Message:
Sent: 02-11-2019 02:29 PM
From: Bernard Pittens
Subject: Can datapower handle preflight or CORS request ?

Hi,

we have a datapower XB6201  software version 7.5.2.10.

We have an Angular app which creates http requests to GET and POST data. We use custom http headers to send an authorization token and user/pw info(for getting the OAuth authorization token).

Because the Angular app runs in a browser we have to handle CORS. CORS must be handled server side. The server must handle the preflight request which is sended by the browser.

Is it possible with a datapower component(I.e.  MPGW, WAF(web application firewall) to handle these preflight requests ?

And if so: How this configuration must be done ?  Any examples ?

Kind Regards

------------------------------
Bernard Pittens
Integration Engeneer
Sligro Foodgroup B.V.
Veghel
------------------------------

Hi Babu, thx for your response but your xsl template solution gives an error in my case and I don't no why.
This error I gues means I try to proces an json message with an  xsl template ? 

"illegal character '{' at line 1 of http://127.0.0.1:1025/api/groentewinkel"

But I keep it with the gatewayscript solution.

Thanks anyway
Best regards

------------------------------
Bernard Pittens
Integration Engeneer
Sligro Foodgroup B.V.
Veghel
------------------------------

Original Message:
Sent: 02-12-2019 12:34 PM
From: Babu K
Subject: Can datapower handle preflight or CORS request ?

I added this stylesheet for CORS in my flow. wherever it is needed error or response

<xsl:template match="/">
<dp:set-http-response-header name="'Access-Control-Allow-Origin'" value="'*'"/>
<dp:set-http-response-header name="'Access-Control-Allow-Credentials'" value="'true'"/>
<xsl:if test="normalize-space(dp:variable('var://service/protocol-method')) = 'OPTIONS'">
<dp:set-http-response-header name="'Access-Control-Allow-Methods'" value="'POST,GET,PUT,OPTIONS'"/>
<dp:set-http-response-header name="'Access-Control-Allow-Headers'" value="dp:http-request-header('Access-Control-Request-Headers')"/>
<dp:set-variable name="'var://service/error-protocol-response'" value="'200'"/>
<dp:set-variable name="'var://service/error-protocol-reason-phrase'" value="'OK'"/>
</xsl:if>
</xsl:template>

------------------------------
Babu K

Original Message:
Sent: 02-11-2019 02:29 PM
From: Bernard Pittens
Subject: Can datapower handle preflight or CORS request ?

Hi,

we have a datapower XB6201  software version 7.5.2.10.

We have an Angular app which creates http requests to GET and POST data. We use custom http headers to send an authorization token and user/pw info(for getting the OAuth authorization token).

Because the Angular app runs in a browser we have to handle CORS. CORS must be handled server side. The server must handle the preflight request which is sended by the browser.

Is it possible with a datapower component(I.e.  MPGW, WAF(web application firewall) to handle these preflight requests ?

And if so: How this configuration must be done ?  Any examples ?

Kind Regards

------------------------------
Bernard Pittens
Integration Engeneer
Sligro Foodgroup B.V.
Veghel
------------------------------

Yeah May be bcoz you set input.
in generAl I keep the input as NULL, as CORS is nothing todo with INPUT payload

------------------------------
Babu K
------------------------------

Original Message:
Sent: 02-12-2019 02:54 PM
From: Bernard Pittens
Subject: Can datapower handle preflight or CORS request ?

Hi Babu, thx for your response but your xsl template solution gives an error in my case and I don't no why.
This error I gues means I try to proces an json message with an  xsl template ? 

"illegal character '{' at line 1 of http://127.0.0.1:1025/api/groentewinkel"

But I keep it with the gatewayscript solution.

Thanks anyway
Best regards

------------------------------
Bernard Pittens
Integration Engeneer
Sligro Foodgroup B.V.
Veghel

Original Message:
Sent: 02-12-2019 12:34 PM
From: Babu K
Subject: Can datapower handle preflight or CORS request ?

I added this stylesheet for CORS in my flow. wherever it is needed error or response

<xsl:template match="/">
<dp:set-http-response-header name="'Access-Control-Allow-Origin'" value="'*'"/>
<dp:set-http-response-header name="'Access-Control-Allow-Credentials'" value="'true'"/>
<xsl:if test="normalize-space(dp:variable('var://service/protocol-method')) = 'OPTIONS'">
<dp:set-http-response-header name="'Access-Control-Allow-Methods'" value="'POST,GET,PUT,OPTIONS'"/>
<dp:set-http-response-header name="'Access-Control-Allow-Headers'" value="dp:http-request-header('Access-Control-Request-Headers')"/>
<dp:set-variable name="'var://service/error-protocol-response'" value="'200'"/>
<dp:set-variable name="'var://service/error-protocol-reason-phrase'" value="'OK'"/>
</xsl:if>
</xsl:template>

------------------------------
Babu K

Original Message:
Sent: 02-11-2019 02:29 PM
From: Bernard Pittens
Subject: Can datapower handle preflight or CORS request ?

Hi,

we have a datapower XB6201  software version 7.5.2.10.

We have an Angular app which creates http requests to GET and POST data. We use custom http headers to send an authorization token and user/pw info(for getting the OAuth authorization token).

Because the Angular app runs in a browser we have to handle CORS. CORS must be handled server side. The server must handle the preflight request which is sended by the browser.

Is it possible with a datapower component(I.e.  MPGW, WAF(web application firewall) to handle these preflight requests ?

And if so: How this configuration must be done ?  Any examples ?

Kind Regards

------------------------------
Bernard Pittens
Integration Engeneer
Sligro Foodgroup B.V.
Veghel
------------------------------

Hello All,

We are dealing with CORS based http request ( An Ajax call from the front end web application)  so to handle I have written 2 rules :
1) This is to allow only options method and send back expected response headers and loop back without reaching backend.
2) This is the business rule  to allow only post method and call the backend . This also goes fine.

But while connecting backend URL I'm seeing the below Errors and the error rule is getting executed for the same  :
******************************************************************************************************************
Backside Header ('N/A') failed to parse due to http client /server error URL : *****.com
Error occurred when connecting to URL : ****.com
Http invalid Response returned 400 BAD request from URL : ****.com.

Is this has got something to do with passing CORS based headers to the backend ? . I'm just passing through the request to the back as it is . Could you please let me know incase this has got anything to with CORS based request / headers .






------------------------------
Nikhil Bachu
------------------------------

Original Message:
Sent: Tue February 12, 2019 12:34 PM
From: Babu K
Subject: Can datapower handle preflight or CORS request ?

I added this stylesheet for CORS in my flow. wherever it is needed error or response

<xsl:template match="/">
<dp:set-http-response-header name="'Access-Control-Allow-Origin'" value="'*'"/>
<dp:set-http-response-header name="'Access-Control-Allow-Credentials'" value="'true'"/>
<xsl:if test="normalize-space(dp:variable('var://service/protocol-method')) = 'OPTIONS'">
<dp:set-http-response-header name="'Access-Control-Allow-Methods'" value="'POST,GET,PUT,OPTIONS'"/>
<dp:set-http-response-header name="'Access-Control-Allow-Headers'" value="dp:http-request-header('Access-Control-Request-Headers')"/>
<dp:set-variable name="'var://service/error-protocol-response'" value="'200'"/>
<dp:set-variable name="'var://service/error-protocol-reason-phrase'" value="'OK'"/>
</xsl:if>
</xsl:template>

------------------------------
Babu K

Original Message:
Sent: 02-11-2019 02:29 PM
From: Bernard Pittens
Subject: Can datapower handle preflight or CORS request ?

Hi,

we have a datapower XB6201  software version 7.5.2.10.

We have an Angular app which creates http requests to GET and POST data. We use custom http headers to send an authorization token and user/pw info(for getting the OAuth authorization token).

Because the Angular app runs in a browser we have to handle CORS. CORS must be handled server side. The server must handle the preflight request which is sended by the browser.

Is it possible with a datapower component(I.e.  MPGW, WAF(web application firewall) to handle these preflight requests ?

And if so: How this configuration must be done ?  Any examples ?

Kind Regards

------------------------------
Bernard Pittens
Integration Engeneer
Sligro Foodgroup B.V.
Veghel
------------------------------