suvrajyoti-2505 asked JayaC-MSFT commented

Azure APIM Policy and Preflight requests

Hi All,

We are using Azure API Management (APIM) for publishing APIs.

We have a set of server clusters, numbered 1, 2 and 3. The current APIM policy redirects incoming requests to one of these sets on the basis of whether an account no is present in the request header or not.

In case of preflight/OPTIONS requests (reference here: https://stackoverflow.com/questions/29954037/why-is-an-options-request-sent-and-can-i-disable-it) there is no header and hence no account no. In this case the APIM policy redirects to Set 3. This is what we do not want; we want OPTIONS/preflight requests also to be redirected to the other sets.

Any suggestions on how this can be achieved?

Thanks,
SuvraJyoti

azure-api-management

Hello @suvrajyoti-2505, welcome to Microsoft QnA. Thank you for the question. We will review and update at the earliest.

0 Votes 0 ·

Just to add, redirecting to Set 3 is an issue only when it is down. Otherwise it is fine. Also, the CORS policy is applied in APIM, at the All APIs level as well as at the API level.

0 Votes 0 ·

Update: This is what the effective policy looks like. The condition for <when condition="@(context.Request.Method == "OPTIONS")"> is not being hit currently. Please suggest.

<policies>
    <inbound>
        <!-- base: Begin Product scope -->
        <choose>
            <when condition="@(context.Request.Method == "OPTIONS")">
                <return-response response-variable-name="existing response variable">
                    <!-- Setting headers and status codes here -->
                </return-response>
            </when>
        </choose>
        <!-- base: End Product scope -->
        <cors>
            <allowed-origins>
                <origin>*</origin>
            </allowed-origins>
            <allowed-methods>
                <method>POST</method>
                <method>PUT</method>
                <method>GET</method>
                <method>DELETE</method>
                <method>OPTIONS</method>
            </allowed-methods>
            <allowed-headers>
                <header>content-type</header>
                <header>Ocp-Apim-Subscription-Key</header>
                <header>accept</header>
            </allowed-headers>
            <expose-headers>
                <header>Content-Disposition</header>
            </expose-headers>
        </cors>
        <set-variable name="accNumb" value="" />
    </inbound>
    <backend>
        <forward-request />
    </backend>
    <outbound />
    <on-error />
</policies>

0 Votes 0 ·

Any suggestions on this? I am still facing the issue.

0 Votes 0 ·

0 Answers
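
Why the preflight carries no account number, as an added example that is not part of the original thread: it builds the OPTIONS request a browser sends ahead of a cross-origin call and runs it through header-based routing like the one the question describes. The header name `Account-No`, the origin and the set labels are assumptions, and the safelist check is a simplified form of the Fetch rules.

```python
# Added illustration. "Account-No", the origin and the set labels are assumed names;
# the CORS-safelist check is a simplified form of the Fetch rules.
SAFE_METHODS = {"GET", "HEAD", "POST"}
SAFE_HEADERS = {"accept", "accept-language", "content-language", "content-type"}
SIMPLE_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}


def unsafe_header_names(headers):
    """Lower-cased, sorted names of headers that force a preflight."""
    names = []
    for name, value in headers.items():
        lname = name.lower()
        simple_type = value.split(";")[0].strip().lower() in SIMPLE_TYPES
        if lname not in SAFE_HEADERS or (lname == "content-type" and not simple_type):
            names.append(lname)
    return sorted(names)


def build_preflight(origin, method, headers):
    """Return the OPTIONS request sent before the real one, or None if none is needed."""
    names = unsafe_header_names(headers)
    if method.upper() in SAFE_METHODS and not names:
        return None
    pre = {"Origin": origin, "Access-Control-Request-Method": method.upper()}
    if names:
        # Only header *names* are announced; their values never reach the gateway here.
        pre["Access-Control-Request-Headers"] = ",".join(names)
    return {"method": "OPTIONS", "headers": pre}


def route(request, account_header="Account-No"):
    """Header-based routing as the question describes it: no account number -> Set 3."""
    hdrs = {k.lower(): v for k, v in request["headers"].items()}
    is_preflight = request["method"] == "OPTIONS" and "access-control-request-method" in hdrs
    target = "account-routed" if hdrs.get(account_header.lower()) else "set-3"
    return ("preflight" if is_preflight else "actual", target)


if __name__ == "__main__":
    # Constructed sample request; the values are made up.
    actual = {"method": "GET", "headers": {"Account-No": "12345",
                                           "Ocp-Apim-Subscription-Key": "sample-key"}}
    preflight = build_preflight("https://app.example", "GET", actual["headers"])
    print(preflight["headers"])
    print(route(preflight), route(actual))
```

The preflight names the account header in `Access-Control-Request-Headers` but never carries its value, so any rule keyed on that value treats every preflight as "no account".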