DataPower General

Expand all | Collapse all

Can datapower handle preflight or CORS request ?

Jump to Best Answer
  • 1.  Can datapower handle preflight or CORS request ?

    Posted Mon February 11, 2019 02:29 PM
    Hi,

    we have a datapower XB6201  software version 7.5.2.10.

    We have an Angular app which creates http requests to GET and POST data. We use custom http headers to send an authorization token and user/pw info(for getting the OAuth authorization token).

    Because the Angular app runs in a browser we have to handle CORS. CORS must be handled server side. The server must handle the preflight request which is sended by the browser.

    Is it possible with a datapower component(I.e.  MPGW, WAF(web application firewall) to handle these preflight requests ?

    And if so: How this configuration must be done ?  Any examples ?

    Kind Regards

    ------------------------------
    Bernard Pittens
    Integration Engeneer
    Sligro Foodgroup B.V.
    Veghel
    ------------------------------


  • 2.  RE: Can datapower handle preflight or CORS request ?

    Posted Tue February 12, 2019 02:49 AM
    Hi Bernard, I am not in front of a DataPower box, but yes, in a MPGW service for example, in the processing policy, you would create a processing rule first to handle the OPTIONS method (preflight) the browser sends before the actual GET or POST. Such rule would have to reply back with the HTTP headers containing the operations your MPGW service supports. You may need to adjust your front side handler to allow the OPTIONS method, I don't recall if it is enabled by default.

    ------------------------------
    Bruno R Neves
    Integration Specialist
    IBM
    Tampa FL
    ------------------------------



  • 3.  RE: Can datapower handle preflight or CORS request ?
    Best Answer

    Posted Tue February 12, 2019 12:36 PM
    Hi Bruno,

    Yes thanks, with an MPGW its possible. I have a working solution with some GatewayScript code.
    This links is very detailed how to do this.

    Processing CORS headers in datapower - IBM DataPower Gateways Forum
    Ibm remove preview
    Processing CORS headers in datapower - IBM DataPower Gateways Forum
    developerWorks forums allow community members to ask and answer questions on technical topics. You can search forum titles, topics, open questions, and answered questions. You can easily see the forums that you own, are a member of, and are following.
    View this on Ibm >



    ------------------------------
    Bernard Pittens
    Integration Engeneer
    Sligro Foodgroup B.V.
    Veghel
    ------------------------------



  • 4.  RE: Can datapower handle preflight or CORS request ?

    Posted Tue February 12, 2019 12:34 PM
    I added this stylesheet for CORS in my flow. wherever it is needed error or response

    <xsl:template match="/">
    <dp:set-http-response-header name="'Access-Control-Allow-Origin'" value="'*'"/>
    <dp:set-http-response-header name="'Access-Control-Allow-Credentials'" value="'true'"/>
    <xsl:if test="normalize-space(dp:variable('var://service/protocol-method')) = 'OPTIONS'">
    <dp:set-http-response-header name="'Access-Control-Allow-Methods'" value="'POST,GET,PUT,OPTIONS'"/>
    <dp:set-http-response-header name="'Access-Control-Allow-Headers'" value="dp:http-request-header('Access-Control-Request-Headers')"/>
    <dp:set-variable name="'var://service/error-protocol-response'" value="'200'"/>
    <dp:set-variable name="'var://service/error-protocol-reason-phrase'" value="'OK'"/>
    </xsl:if>
    </xsl:template>

    ------------------------------
    Babu K
    ------------------------------



  • 5.  RE: Can datapower handle preflight or CORS request ?

    Posted Tue February 12, 2019 02:54 PM
    Hi Babu, thx for your response but your xsl template solution gives an error in my case and I don't no why.
    This error I gues means I try to proces an json message with an  xsl template ? 

    "illegal character '{' at line 1 of http://127.0.0.1:1025/api/groentewinkel"

    But I keep it with the gatewayscript solution.

    Thanks anyway
    Best regards

    ------------------------------
    Bernard Pittens
    Integration Engeneer
    Sligro Foodgroup B.V.
    Veghel
    ------------------------------



  • 6.  RE: Can datapower handle preflight or CORS request ?

    Posted Tue February 12, 2019 06:42 PM
    Yeah May be bcoz you set input.
    in generAl I keep the input as NULL, as CORS is nothing todo with INPUT payload

    ------------------------------
    Babu K
    ------------------------------



  • 7.  RE: Can datapower handle preflight or CORS request ?

    Posted Thu December 12, 2019 08:52 AM
    Hello All,

    We are dealing with CORS based http request ( An Ajax call from the front end web application)  so to handle I have written 2 rules :
    1) This is to allow only options method and send back expected response headers and loop back without reaching backend.
    2) This is the business rule  to allow only post method and call the backend . This also goes fine.

    But while connecting backend URL I'm seeing the below Errors and the error rule is getting executed for the same  :
    ******************************************************************************************************************
    Backside Header ('N/A') failed to parse due to http client /server error URL : *****.com
    Error occurred when connecting to URL : ****.com
    Http invalid Response returned 400 BAD request from URL : ****.com.

    Is this has got something to do with passing CORS based headers to the backend ? . I'm just passing through the request to the back as it is . Could you please let me know incase this has got anything to with CORS based request / headers .






    ------------------------------
    Nikhil Bachu
    ------------------------------