I am trying to run my APIM API from.developer portal. I have added the full CORS policy as below:
<cors>
<allowed-origins>
<origin></origin>
</allowed-origins>
<allowed-methods>
<method>GET</method>
<method>POST</method>
<method>PUT</method>
<method>DELETE</method>
<method>HEAD</method>
<method>OPTIONS</method>
<method>PATCH</method>
<method>TRACE</method>
</allowed-methods>
<allowed-headers>
<header></header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
It works fine until i add return-response policy within on-error - then it again starts throwing the cors policy error- asking to enable cors on browser, even though cors already is enabled. Is there any other cors tag to add?
My on-error code:
<on-error>
<choose>
<when condition="@(context.Response.StatusCode != 200)">
<return-response>
<set-status code="@(context.Response.StatusCode)" reason="@(context.LastError.Reason)" />
<set-body>
new JProperty("Error Reason", context.LastError.Reason)
).ToString();
}</set-body>
</return-response>
</when>
<otherwise />
</choose>
<base />
</on-error>
I have checked after changing origin * to origin as link of the dev portal - I get the same error
The policy works on postman.