Hello,
I am currently facing issue with CORS issue in Azure APIM with my API.
I added below CORS policy Inbound only to my API on All Operations, where for testing in I have kept all open where I am allowing any Origin, Header and Methods.
This is still not resolving CORS error on client side. When I enable CORS policy at global level it resolve the CORS on client side and able to get resources.
Any help resolving this issue will be appreciated. Thank you for your help in advance.
<policies>
<inbound>
<base />
<cors allow-credentials="false">
<allowed-origins>
<origin>*</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="300">
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<choose>
<when condition="@(context.Request.Headers.GetValueOrDefault("Api-Environment","").Equals("DEV", StringComparison.OrdinalIgnoreCase))">
<set-backend-service base-url="{{dev-backend-service}}/api/v1/" />
</when>
<when condition="@(context.Request.Headers.GetValueOrDefault("Api-Environment","").Equals("DEV11", StringComparison.OrdinalIgnoreCase))">
<set-backend-service base-url="{{dev11-backend-service}}/api/v1/" />
</when>
<when condition="@(context.Request.Headers.GetValueOrDefault("Api-Environment","").Equals("DEV12", StringComparison.OrdinalIgnoreCase))">
<set-backend-service base-url="{{dev12-backend-service}}/api/v1/" />
</when>
<when condition="@(context.Request.Headers.GetValueOrDefault("Api-Environment","").Equals("DEV13", StringComparison.OrdinalIgnoreCase))">
<set-backend-service base-url="{{dev13-backend-service}}/api/v1/" />
</when>
<otherwise>
<return-response>
<set-status code="400" reason="Bad Request" />
<set-header name="Content-Type" exists-action="override">
<value>application/json</value>
</set-header>
<set-body>{
"errorCode": "400",
"errorMessage": "Invalid Api-Environment header's value. Value must be DEV, DEV11, DEV12, or DEV13"
}</set-body>
</return-response>
</otherwise>
</choose>
</inbound>
<backend>
<base />
</backend>
<on-error>
<base />
</on-error>
<outbound>
<base />
<set-header name="Access-Control-Allow-Origin" exists-action="override">
<value>@(context.Request.Headers.GetValueOrDefault("Origin",""))</value>
</set-header>
<set-header name="Access-Control-Allow-Methods" exists-action="override">
<value>POST</value>
</set-header>
<set-header name="Access-Control-Allow-Headers" exists-action="override">
<value>Content-Type</value>
</set-header>
<set-header name="Access-Control-Allow-Credentails" exists-action="override">
<value>true</value>
</set-header>
</outbound>
</policies>