2

As stated in the January 2017 Endpoints release notes, I tried to update my openapi.yaml file to stop the Extensible Service Proxy (ESP) from blocking cross-origin requests by adding to x-google-endpoints:

swagger: "2.0"
info:
  description: "Market scan using technical indicators."
  title: "Talib Test"
  version: "1.0.0"
host: "YOUR-PROJECT-ID.appspot.com"
x-google-endpoints:
- name: "YOUR-PROJECT-ID.appspot.com"
  allowCors: "true"
basePath: "/"
consumes:
- "application/json"
produces:
- "application/json"
schemes:
- "http"
...

I continue to get an error in the browser when trying to make http calls from my angular application. The error is in both developer mode and after I deploy my angular application:

XMLHttpRequest cannot load
Response to preflight request doesn't pass access control check: 
No 'Access-Control-Allow-Origin' header is present on the requested resource.

When i look at Google Cloud logging I see that requestMethod:"OPTIONS" and status:200. The API is a POST method so I'm guessing it's the ESP blocking the request. Also, I have allowed CORS in my python application using FLASK-CORS so it should be working.

My application has two services that are both on Google App Engine. The first is Standard Envrionment. The second, which I am having issues with is Flexible Environment. I am using a dispatch.yaml file and separate openapi.yaml files if that's relevant. Also, the API works on hurl it and postman.

Any help would be awesome!

Nicholas
  • 1,113
  • 3
  • 14
  • 33

1 Answers1

3

Most likely your backend application did not handle CORS OPTIONS correctly. If "allowCors" is true, Endpoint proxy will pass the request to your backend application. Proxy will not add anything to the request. If "allowCors" is false, proxy will return 404.

Wayne Zhang
  • 147
  • 4
  • Thanks for this. It was the the back-end that wasn't handling CORS correctly. [FLASK-CORS](https://github.com/corydolphin/flask-cors) was not providing the right headers. I followed [this question](https://stackoverflow.com/questions/19962699/flask-restful-cross-domain-issue-with-angular-put-options-methods) and started using flasks after_request hook to create correct headers. Thanks again – Nicholas Jul 19 '17 at 02:03
  • 1
    Could you specify where in the openapi.json "allowCors" : "true" should be added? I have tried and it has not worked for me – caitcoo0odes Feb 26 '18 at 19:18
  • "allowCors" should be specified under "x-google-endpoints" as follows (for .yaml): x-google-endpoints: ... allowCors: "true" You can see an example for a .json spec here: https://cloud.google.com/endpoints/docs/release-notes#upcoming_changes – lkgarrison Nov 12 '18 at 19:45