How to enable CORS configuration in WSO2 for a specific API by using REST API?

Question

I am creating and publishing APIs using WSO2 REST APIs and not from its UI because i have hundreds of WSO2 APIs to manage. I use swagger file(in json format) to configure all the details about my API and then publish this swagger file using curl command. I want to enable CORS configuration for my WSO2 APIs.

The documentation provided for WSO2 APIs provides information only about enabling CORS config via UI. Here is the link.

I could not find any info as to how i can enable it by any means other than directly from its UI. I have tried adding the following field in the API's swagger file but this change is not reflected in the published API.

    "CORSConfiguration": {
        "Enabled": "true",
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Methods": "GET,PUT,POST,DELETE,PATCH,OPTIONS",
        "Access-Control-Allow-Headers": "authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction",
        "Access-Control-Allow-Credentials": "false"
    }

Any help to enable the CORS configuration for a particular API will be appreciated. Thanks :)

score 1 · Answer 1 · answered Aug 05 '19 at 08:40

1

CORS information should go in the API create/update payload like this.

   "corsConfiguration":    {
      "accessControlAllowOrigins": ["*"],
      "accessControlAllowHeaders":       [
         "authorization",
         "Access-Control-Allow-Origin",
         "Content-Type",
         "SOAPAction"
      ],
      "accessControlAllowMethods":       [
         "GET",
         "PUT",
         "POST",
         "DELETE",
         "PATCH",
         "OPTIONS"
      ],
      "accessControlAllowCredentials": false,
      "corsConfigurationEnabled": false
   }

See the sample payload in [1].

[1] https://docs.wso2.com/display/AM260/apidocs/publisher/#!/operations#APIIndividual#apisPost

answered Aug 05 '19 at 08:40

Bee

12,251
11
46
73

Thanks for the quick reply. Yes, i have seen this link earlier. But even if I import the same swagger file, the CORS configuration is not enabled. I tried giving the CORS file separately, just as i provide the endpoint configuration file. But nothing seems to enable the CORS. – Rahul Desai Aug 05 '19 at 12:24
Can you post your full request? – Bee Aug 05 '19 at 12:26
i have uploaded my swagger file in this post please check. – Rahul Desai Aug 06 '19 at 06:51
That should NOT go inside the swagger. It should go inside the API payload. Have a look at the doc carefully. – Bee Aug 06 '19 at 09:14

Rahul Desai · Answer 2 · 2019-08-06T06:49:45.790

@Bee, here is what i tried to do.

{
  "swagger": "2.0",
  "info": {
    "description": "Registration Type Master",
    "version": "1.0",
    "title": "Test_Entity_Master_API",
    "termsOfService": "urn:tos",
    "contact": {"name":"RD"},
    "license": {
      "name": "Apache 2.0",
      "url": "http://www.apache.org/licenses/LICENSE-2.0"
    }
  },
  "host": "http://sampleurl.com/",
  "basePath": "/samplemethod",
  "schemes": [
    "http"
  ],
  "consumes": [
    "application/json"
  ],
  "produces": [
    "application/json"
  ],
  "paths": {
    "/regtype/createregtype": {
      "post": {
        "summary": "Create reg type entry",
        "tags": [
          "Registration Type Master"
        ],
        "deprecated": false,
        "produces": [
          "application/json"
        ],
        "parameters": [
          {
            "name": "Body",
            "in": "body",
            "required": true,
            "description": "",
            "schema": {
              "type": "object",
              "properties": {
                "key": {
                  "type": "string"
                },
                "value": {
                  "type": "string"
                }
              }
            }
          }
        ],
        "responses": {
          "200": {
            "description": "",
            "schema": {
              "type": "object",
              "properties": {
                "success": {
                  "type": "boolean"
                },
                "error": {
                  "type": "boolean",
                  "default": false
                },
                "message": {
                  "type": "string"
                },
                "data": {
                  "type": "object"
                }
              }
            }
          },
          "500": {
            "description": "",
            "schema": {
              "type": "object",
              "properties": {
                "success": {
                  "type": "boolean",
                  "default": false
                },
                "error": {
                  "type": "boolean"
                },
                "message": {
                  "type": "string"
                },
                "data": {
                  "type": "object"
                }
              }
            }
          }
        }
      }
    }
  },
  "tags": [
    {
      "name": "entity-master-controller",
      "description": "Entity Master Controller"
    }
  ],
     "corsConfiguration":    {
      "accessControlAllowOrigins": ["https://dtdevsso.ril.com"],
      "accessControlAllowHeaders":[
         "authorization",
         "Access-Control-Allow-Origin",
         "Content-Type",
         "SOAPAction"
      ],
      "accessControlAllowMethods":[
         "GET",
         "PUT",
         "POST",
         "DELETE",
         "PATCH",
         "OPTIONS"
      ],
      "accessControlAllowCredentials": "true",
      "corsConfigurationEnabled": "true"
   }
}

In this swagger file, inspite of adding the CORS payload, it is not reflected after publishing the API through the swagger file.

score 0 · Answer 3 · answered Aug 06 '19 at 11:48

To setup CORS support you must first define an OPTIONS method in your resource that returns the required headers. All paths in swagger need a cors option chunk. this is the chunk.

"/users":
   {
    "options": {
        "summary": "CORS support",
        "description": "Enable CORS by returning correct headers\n",
        "consumes": [
            "application/json"
        ],
        "produces": [
            "application/json"
        ],
        "tags": [
            "CORS"
        ],
        "x-amazon-apigateway-integration": {
            "type": "mock",
            "requestTemplates": {
                "application/json": "{\n  \"statusCode\" : 200\n}\n"
            },
            "responses": {
                "default": {
                    "statusCode": "200",
                    "responseParameters": {
                        "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key'",
                        "method.response.header.Access-Control-Allow-Methods": "'*'",
                        "method.response.header.Access-Control-Allow-Origin": "'*'"
                    },
                    "responseTemplates": {
                        "application/json": "{}\n"
                    }
                }
            }
        },
        "responses": {
            "200": {
                "description": "Default response for CORS method",
                "headers": {
                    "Access-Control-Allow-Headers": {
                        "type": "string"
                    },
                    "Access-Control-Allow-Methods": {
                        "type": "string"
                    },
                    "Access-Control-Allow-Origin": {
                        "type": "string"
                    }
                }
            }
        }
    }
}

For more details you can visit this link

score 0 · Answer 4 · answered Sep 19 '19 at 09:21

I used the following payload for creating/updating an API in WSO2. It is working perfectly. Sorry for the delayed update on this.

{
   "name": "%apiName%",
   "description": "%apiDescription%",
   "context": "/%apiName%",
   "version": "%apiVersion%",
   "provider": "%apiProvider%",
   "apiDefinition": "%swaggger_extended.json% // Input swagger file",
   "wsdlUri": null,
   "status": "CREATED",
   "responseCaching": "Disabled",
   "cacheTimeout": 300,
   "destinationStatsEnabled": false,
   "isDefaultVersion": false,
   "type": "HTTP",
   "transport":    [
      "http",
      "https"
   ],
   "tags": ["%apiTags%"],
   "tiers": ["%apiTiersCollection%"],
   "visibility": "%apiVisibility%",
   "visibleRoles": [],
   "endpointConfig": "%endPointConfig%",
   "gatewayEnvironments": "Production and Sandbox",
   "subscriptionAvailability": null,
   "subscriptionAvailableTenants": [],
   "businessInformation":    {
      "businessOwnerEmail": "%BizOwnerName@ril.com%",
      "technicalOwnerEmail": "%TechOwnerName@ril.com%",
      "technicalOwner": "%TechOwnerName%",
      "businessOwner": "%BizOwnerName%"
   },
   "corsConfiguration":    {
      "accessControlAllowOrigins": ["originURL"],
      "accessControlAllowHeaders":       [
         "authorization",
         "Access-Control-Allow-Origin",
         "Content-Type",
         "SOAPAction"
      ],
      "accessControlAllowMethods":       [
         "GET",
         "PUT",
         "POST",
         "DELETE",
         "PATCH",
         "OPTIONS"
      ],
      "accessControlAllowCredentials": false,
      "corsConfigurationEnabled": true
   }
}

How to enable CORS configuration in WSO2 for a specific API by using REST API?

4 Answers4