DataPower General

Expand all | Collapse all

Can datapower handle preflight or CORS request ?

Jump to Best Answer
  • 1.  Can datapower handle preflight or CORS request ?

    Posted Mon February 11, 2019 02:29 PM
    Hi,

    we have a datapower XB6201  software version 7.5.2.10.

    We have an Angular app which creates http requests to GET and POST data. We use custom http headers to send an authorization token and user/pw info(for getting the OAuth authorization token).

    Because the Angular app runs in a browser we have to handle CORS. CORS must be handled server side. The server must handle the preflight request which is sended by the browser.

    Is it possible with a datapower component(I.e.  MPGW, WAF(web application firewall) to handle these preflight requests ?

    And if so: How this configuration must be done ?  Any examples ?

    Kind Regards

    ------------------------------
    Bernard Pittens
    Integration Engeneer
    Sligro Foodgroup B.V.
    Veghel
    ------------------------------


  • 2.  RE: Can datapower handle preflight or CORS request ?

    Posted Tue February 12, 2019 02:49 AM
    Hi Bernard, I am not in front of a DataPower box, but yes, in a MPGW service for example, in the processing policy, you would create a processing rule first to handle the OPTIONS method (preflight) the browser sends before the actual GET or POST. Such rule would have to reply back with the HTTP headers containing the operations your MPGW service supports. You may need to adjust your front side handler to allow the OPTIONS method, I don't recall if it is enabled by default.

    ------------------------------
    Bruno R Neves
    Integration Specialist
    IBM
    Tampa FL
    ------------------------------



  • 3.  RE: Can datapower handle preflight or CORS request ?
    Best Answer

    Posted Tue February 12, 2019 12:36 PM
    Hi Bruno,

    Yes thanks, with an MPGW its possible. I have a working solution with some GatewayScript code.
    This links is very detailed how to do this.

    Processing CORS headers in datapower - IBM DataPower Gateways Forum
    Ibm remove preview
    Processing CORS headers in datapower - IBM DataPower Gateways Forum
    developerWorks forums allow community members to ask and answer questions on technical topics. You can search forum titles, topics, open questions, and answered questions. You can easily see the forums that you own, are a member of, and are following.
    View this on Ibm >



    ------------------------------
    Bernard Pittens
    Integration Engeneer
    Sligro Foodgroup B.V.
    Veghel
    ------------------------------



  • 4.  RE: Can datapower handle preflight or CORS request ?

    Posted Tue February 12, 2019 12:34 PM
    I added this stylesheet for CORS in my flow. wherever it is needed error or response

    <xsl:template match="/">
    <dp:set-http-response-header name="'Access-Control-Allow-Origin'" value="'*'"/>
    <dp:set-http-response-header name="'Access-Control-Allow-Credentials'" value="'true'"/>
    <xsl:if test="normalize-space(dp:variable('var://service/protocol-method')) = 'OPTIONS'">
    <dp:set-http-response-header name="'Access-Control-Allow-Methods'" value="'POST,GET,PUT,OPTIONS'"/>
    <dp:set-http-response-header name="'Access-Control-Allow-Headers'" value="dp:http-request-header('Access-Control-Request-Headers')"/>
    <dp:set-variable name="'var://service/error-protocol-response'" value="'200'"/>
    <dp:set-variable name="'var://service/error-protocol-reason-phrase'" value="'OK'"/>
    </xsl:if>
    </xsl:template>

    ------------------------------
    Babu K
    ------------------------------



  • 5.  RE: Can datapower handle preflight or CORS request ?

    Posted Tue February 12, 2019 02:54 PM
    Hi Babu, thx for your response but your xsl template solution gives an error in my case and I don't no why.
    This error I gues means I try to proces an json message with an  xsl template ? 

    "illegal character '{' at line 1 of http://127.0.0.1:1025/api/groentewinkel"

    But I keep it with the gatewayscript solution.

    Thanks anyway
    Best regards

    ------------------------------
    Bernard Pittens
    Integration Engeneer
    Sligro Foodgroup B.V.
    Veghel
    ------------------------------



  • 6.  RE: Can datapower handle preflight or CORS request ?

    Posted Tue February 12, 2019 06:42 PM
    Yeah May be bcoz you set input.
    in generAl I keep the input as NULL, as CORS is nothing todo with INPUT payload

    ------------------------------
    Babu K
    ------------------------------