IBM Security Verify

Expand all | Collapse all

ISAM - Need Help in fixing cors issue

  • 1.  ISAM - Need Help in fixing cors issue

    Posted 5 days ago
    Hello All,

    I have configured the reverse proxy(on ISAM 10) for cors with the HTTP Transformation rule. but still getting cors issue

    can anyone help?

    HTTP Transformation Rule File (cors)

    <?xml version="1.0" encoding="UTF-8"?>
    <xsl:stylesheet xmlns:xsl="" version="1.0">

    <xsl:variable name="my-method">
    <xsl:value-of select="//HTTPRequest/RequestLine/Method" />

    <xsl:variable name="origin-value">
    <xsl:value-of select="//HTTPRequest/Headers/Header[@name='origin']" />

    <xsl:strip-space elements="*" />

    <xsl:template match="/">
    <xsl:apply-templates />

    <xsl:template match="//HTTPRequest/Headers">
    <xsl:when test="Header/@name='origin' and $origin-value='*' and $my-method = 'OPTIONS'" >
    <HTTPResponseChange action="replace">
    <Header name="Access-Control-Allow-Origin" action="add">*</Header>
    <Header name="Access-Control-Max-Age" action="add">86400</Header>
    <Header name="Access-Control-Allow-Credentials" action="add">true</Header>
    <Header name="Access-Control-Allow-Methods" action="add">POST,OPTIONS,GET</Header>


    configurations in reverse proxy files

    CORS = cors

    request-match = request:OPTIONS /mga*


  • 2.  RE: ISAM - Need Help in fixing cors issue

    Posted 5 days ago
    Even I have tried with configuring [cors-policy:corsdemo] stanza, after removing configurations related to the transformation rule.

    configurations that have been configured on the reverse proxy


    request-match = OPTIONS /mga*
    request-match = GET /mga*
    request-match = POST /mga*

    handle-pre-flight = true

    allow-origin = *

    allow-credentials =

    allow-header = GET
    allow-header = PUT
    allow-header = POST
    allow-header = OPTIONS

    allow-method = GET
    allow-method = POST
    allow-method = PUT
    allow-method = OPTIONS

    max-age = 3600

    expose-header = GET
    expose-header = POST
    expose-header = PUT
    expose-header = OPTIONS


    can anyone help?


  • 3.  RE: ISAM - Need Help in fixing cors issue

    Posted 5 days ago
    What is you desired behaviour and what is the current behaviour?  Further information is really required.


    Sent from my iPad

  • 4.  RE: ISAM - Need Help in fixing cors issue

    Posted 4 days ago
    Hi Scott,

    I have created a custom login infoMap and calling as an API from Angular App(SPA).

    For testing purpose, we are running SPA on localhost but due to cross-domain of Angular(localhost) and ISAM(reverse proxy),
    ISAM throwing Cors issue.

    current behavior: we are not able to call infoMap from cross-domain.

    desired behavior: ISAM should allow calling infoMap as an API from any domain.