Fantastic thread - detailed and knowledgeable answers. Thank you SO much.. We have been pulled around by support and developers for a few weeks now, where we needed to remove some response headers (and some mirrored input headers). We have been old that it was possible using the normal post assembly. But we could not get it working - and have been sending information to them in a continuous stream, he he..
This explains a lot and suddenly all our frustrations make sense, he he.. We are on API Connect 10.0.5.5 meaning Datapower 10.5.0.7 from much earlier last year..
I guess we will wait for the latest fixes to be available in API Connect as well - and find a workaround until then..
Original Message:
Sent: Mon December 11, 2023 10:05 AM
From: Steve Linn
Subject: Need to remove the particular response headers
Hi Mahima,
10.5.0.9 was made available Friday 12/08. See https://www.ibm.com/support/pages/node/6607653?myns=swgother&mynp=OCSS9H2Y&mync=E&cm_sp=swgother-_-OCSS9H2Y-_-E As for your question, the post-error global policy is really from a DataPower perspective is executed at the end of all transaction processing, so yes, it may seem an odd place, but as part of the default post transaction finally processing is where the rate-limit and CORS headers are added, so your post-error finally will be where you can remove what the default post transaction processing added.
Best Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
Original Message:
Sent: Wed December 06, 2023 11:25 PM
From: Mahima Annagiri
Subject: Need to remove the particular response headers
Hello @Steve Linn,
Thanks for the reply. We will try to update when the changes are available.
But post error global policy can only contain catch & finally policy, that would mean we will have to create a catch policy even though we do not have a requirement to catch any error globally. For removing the ratelimit headers, post error global policy does not seem to be ideal spot.
------------------------------
Mahima Annagiri
Original Message:
Sent: Mon December 04, 2023 02:16 PM
From: Steve Linn
Subject: Need to remove the particular response headers
Hi Mahima,
This has been reported by other customers, and a fix will be delivered in the next DataPower fixpack 10.5.0.9 which is in final testing and should be available in the not too distant future (a week or so if all goes well). If you can be patient, I'd get that fix pack when it is available. Also, I must correct my previous post where the update to the headers must be in the post-error global policy's finally rule, NOT the post-response that I had incorrectly stated before. The issue is the global finally, where the post-error finally policies deploy, by default has an action called an API Result action, and the post-error was adding the policies from the global error policy BEFORE the API Result action, but it is this API Results action that fills in the CORS and Rate Limit headers. The fix properly keeps the API Result action first and adds the global policy actions after the API Results action so the subsequent global policy processing will change what is returned to the end user.
Best Regards,
Steve Linn
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
Original Message:
Sent: Fri December 01, 2023 03:59 PM
From: Mahima Annagiri
Subject: Need to remove the particular response headers
We have the same issue & we are removing 'X-RateLimit-Limit' header in the finally clause of post response global policy.
We are still seeing that header in the response in SOAPUI
Datapower version we are using is 10.5.0.8 & APIC version is 10.0.5.3
Code snippet:
finally:
- gatewayscript:
version: 2.0.0
title: gatewayscript
source: |-
context.message.header.remove('X-RateLimit-Limit');
context.message.header.remove('X-RateLimit-Remaining');
------------------------------
Mahima Annagiri
Original Message:
Sent: Mon October 02, 2023 09:41 AM
From: Steve Linn
Subject: Need to remove the particular response headers
Hi Pawan,
From discussions I've had with other developers, this can only be done with a post response global policy and only within the finally clause of the global policy. The finally clause is only supported starting at DataPower 10.5.0.x, so if you're using API Connect/DataPower versions 10.0.1.x you'll need to upgrade both API Connect and DataPower.
Best Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
Original Message:
Sent: Fri September 29, 2023 04:28 PM
From: Steve Linn
Subject: Need to remove the particular response headers
Hi Pawan,
What you're running into is when these headers are added to your response headers in relation to your assembly rule. As you've found out, the headers are being added after your assembly rule completes processing, so your attempts within your API assembly are not working. What type of Gateway are you using? For a v5 compatible gateway, a post-response or post-error gateway extension would be your only option. I've not tried this with the API Gateway to determine if a post-response or post-error global policy would be executed after these headers are added so you could subsequently remove them, but that is the only solution I can think of that MIGHT work. I'll need to ask around or do a prototype before I can give a definitive answer.
Best Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
Original Message:
Sent: Fri September 29, 2023 10:24 AM
From: Pawan Jinaga
Subject: Need to remove the particular response headers
Hello Team,
Can we remove "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.
------------------------------
Pawan Jinaga
------------------------------