Hello again smart people,
API KEY SETUP:
- I have an API-key connected to a serverless function (via Cloud Functions).
- I use that API-key to call a Cloudant database from an external domain (https://example.com)
- The API-call has a Request-Header (an "X-IBM-Client-Id", which was autogenerated when the Cloud-Function API-key was created).
- Because the API call includes a Request-Header, the browser initiates a Preflight request:
THE ISSUE:
The Preflight request is rejected with the following error:
- "Preflight Wildcard Origin Not Allowed - Access to fetch at 'https://service.us-east.apiconnect.ibmcloud.com/gws/apigateway/api/111111111111/db/' from origin 'https://example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'."
In devtools, the Cloudant (Cloud-Function) Response Header does indeed show a Wildcard (*)
- Access-Control-Allow-Origin: *
***
MY QUESTION:
How can I change the Cloud-Function API-Key Response-Header to this:
so that the Preflight request will succeed?
***
CONDITIONS
- I already have CORS enabled on the Cloudant database, and have whitelisted the requesting domain ("https://example.com")
- I already have CORS enabled for that Cloud-Function API key (however there is no option to whitelist a domain) <=== that is what I aim to affect.
***
Thank you for your help.
I am very determined to make this work.
- Sunny G
------------------------------