Hi Mahima,
This has been reported by other customers, and a fix will be delivered in the next DataPower fixpack 10.5.0.9 which is in final testing and should be available in the not too distant future (a week or so if all goes well). If you can be patient, I'd get that fix pack when it is available. Also, I must correct my previous post where the update to the headers must be in the post-error global policy's finally rule, NOT the post-response that I had incorrectly stated before. The issue is the global finally, where the post-error finally policies deploy, by default has an action called an API Result action, and the post-error was adding the policies from the global error policy BEFORE the API Result action, but it is this API Results action that fills in the CORS and Rate Limit headers. The fix properly keeps the API Result action first and adds the global policy actions after the API Results action so the subsequent global policy processing will change what is returned to the end user.
Best Regards,
Steve Linn
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
------------------------------
Original Message:
Sent: Fri December 01, 2023 03:59 PM
From: Mahima Annagiri
Subject: Need to remove the particular response headers
We have the same issue & we are removing 'X-RateLimit-Limit' header in the finally clause of post response global policy.
We are still seeing that header in the response in SOAPUI
Datapower version we are using is 10.5.0.8 & APIC version is 10.0.5.3
Code snippet:
finally:
- gatewayscript:
version: 2.0.0
title: gatewayscript
source: |-
context.message.header.remove('X-RateLimit-Limit');
context.message.header.remove('X-RateLimit-Remaining');
------------------------------
Mahima Annagiri
Original Message:
Sent: Mon October 02, 2023 09:41 AM
From: Steve Linn
Subject: Need to remove the particular response headers
Hi Pawan,
From discussions I've had with other developers, this can only be done with a post response global policy and only within the finally clause of the global policy. The finally clause is only supported starting at DataPower 10.5.0.x, so if you're using API Connect/DataPower versions 10.0.1.x you'll need to upgrade both API Connect and DataPower.
Best Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
Original Message:
Sent: Fri September 29, 2023 04:28 PM
From: Steve Linn
Subject: Need to remove the particular response headers
Hi Pawan,
What you're running into is when these headers are added to your response headers in relation to your assembly rule. As you've found out, the headers are being added after your assembly rule completes processing, so your attempts within your API assembly are not working. What type of Gateway are you using? For a v5 compatible gateway, a post-response or post-error gateway extension would be your only option. I've not tried this with the API Gateway to determine if a post-response or post-error global policy would be executed after these headers are added so you could subsequently remove them, but that is the only solution I can think of that MIGHT work. I'll need to ask around or do a prototype before I can give a definitive answer.
Best Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
Original Message:
Sent: Fri September 29, 2023 10:24 AM
From: Pawan Jinaga
Subject: Need to remove the particular response headers
Hello Team,
Can we remove "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.
------------------------------
Pawan Jinaga
------------------------------