API Connect

Hello again smart people,

API KEY SETUP:

• I have an API-key connected to a serverless function (via Cloud Functions).
• I use that API-key to call a Cloudant database from an external domain (https://example.com)
• The API-call has a Request-Header (an "X-IBM-Client-Id", which was autogenerated when the Cloud-Function API-key was created).
• Because the API call includes a Request-Header, the browser initiates a Preflight request:

THE ISSUE:

The Preflight request is rejected with the following error:

• "Preflight Wildcard Origin Not Allowed - Access to fetch at 'https://service.us-east.apiconnect.ibmcloud.com/gws/apigateway/api/111111111111/db/' from origin 'https://example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'."

In devtools, the Cloudant (Cloud-Function) Response Header does indeed show a Wildcard (*)

• Access-Control-Allow-Origin: *

***

MY QUESTION:

How can I change the Cloud-Function API-Key Response-Header to this:

• Access-Control-Allow-Origin: http://example.com

so that the Preflight request will succeed?

***

CONDITIONS

• I already have CORS enabled on the Cloudant database, and have whitelisted the requesting domain ("https://example.com")
• I already have CORS enabled for that Cloud-Function API key (however there is no option to whitelist a domain) <=== that is what I aim to affect.

***

Thank you for your help.

I am very determined to make this work.

- Sunny G
------------------------------

Hi @Sunny G
​You may want to consider reposting this in the Cloud community instead as they may be better able to help you as this is targeted more towards IBM Cloud Functions: https://community.ibm.com/community/user/publiccloud/communities/communities/communities/community-home?CommunityKey=249657e6-a0c3-4528-9752-3bf1e5e03d74
​​Hope you get some answers!

------------------------------
Jina K
------------------------------

Original Message:
Sent: Thu January 06, 2022 06:24 PM
From: Sunny G
Subject: How to edit Cloud-Function API-Key Response-Header??

Hello again smart people,

API KEY SETUP:

• I have an API-key connected to a serverless function (via Cloud Functions).
• I use that API-key to call a Cloudant database from an external domain (https://example.com)
• The API-call has a Request-Header (an "X-IBM-Client-Id", which was autogenerated when the Cloud-Function API-key was created).
• Because the API call includes a Request-Header, the browser initiates a Preflight request:

THE ISSUE:

The Preflight request is rejected with the following error:

• "Preflight Wildcard Origin Not Allowed - Access to fetch at 'https://service.us-east.apiconnect.ibmcloud.com/gws/apigateway/api/111111111111/db/' from origin 'https://example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'."

In devtools, the Cloudant (Cloud-Function) Response Header does indeed show a Wildcard (*)

• Access-Control-Allow-Origin: *

***

MY QUESTION:

How can I change the Cloud-Function API-Key Response-Header to this:

• Access-Control-Allow-Origin: http://example.com

so that the Preflight request will succeed?

***

CONDITIONS

• I already have CORS enabled on the Cloudant database, and have whitelisted the requesting domain ("https://example.com")
• I already have CORS enabled for that Cloud-Function API key (however there is no option to whitelist a domain) <=== that is what I aim to affect.

***

Thank you for your help.

I am very determined to make this work.

- Sunny G
------------------------------