I am currently trying to enable CORS for the OpenAPI specification in my Payara Micro server.
I'm working with Payara Micro 5.2021.9.
I have a microservice running on 10.0.2.15:8080 inside a Vagrant image, and I want to access its OpenAPI specification through Swagger-UI (version 4.1.3) on my host machine at localhost:8080, but I keep getting a "Possible cross-origin (CORS) issue" from the Swagger-UI page when I try to bring it up.
Most resources I found say simply to add the following Payara configuration so that the OpenAPI CORS headers are added. It is even documented here by Payara: https://docs.payara.fish/community/docs/documentation/microprofile/openapi.html
I added this configuration and it does add the headers, but I still keep getting the "Possible cross-origin (CORS) issue" from the Swagger-UI page. Reading further on Swagger-UI, it specifies that the headers should look like this (detailed here: https://swagger.io/docs/open-source-tools/swagger-ui/usage/cors/):
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT, PATCH, OPTIONS
Access-Control-Allow-Headers: Content-Type, api_key, Authorization
When I do a manual curl for my openapi endpoint the headers show the following:
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: origin, content-type, accept, authorization
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
The noticeable difference is that the "api-key" header is missing, which I think may be required by Swagger-UI. This issue occurs both when accessing Swagger-UI in a virtual machine via Vagrant and when these services are deployed in Docker containers. Does anyone have any suggestions on how to make Payara and Swagger-UI play nicely with each other when dealing with cross-origin specific REST calls? Any help would be greatly appreciated! :)
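
Added example, not part of the original post: a simplified JavaScript model of the browser's CORS checks, run against the response headers quoted in the curl output above, showing which request shapes those headers permit. The function name `corsProblems` and the request objects are constructed for illustration, and the model leaves out details such as Content-Type value safelisting.

```javascript
// Added example: simplified model of the browser's CORS checks.
// Response header values are the ones quoted in the post.
const observed = {
  "access-control-allow-origin": "*",
  "access-control-allow-headers": "origin, content-type, accept, authorization",
  "access-control-allow-credentials": "true",
  "access-control-allow-methods": "GET, POST, PUT, DELETE, OPTIONS, HEAD",
};

const SAFE_METHODS = ["get", "head", "post"]; // never need Allow-Methods
const SAFE_HEADERS = ["accept", "accept-language", "content-language"];
// Simplification: Content-Type is always treated as needing to be listed.

const list = (v) =>
  (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Returns [] if the browser would accept the exchange, else the reasons it is blocked.
function corsProblems(resp, req) {
  const problems = [];
  const allowOrigin = resp["access-control-allow-origin"];
  if (req.credentials) {
    // With cookies or HTTP auth, "*" is not accepted: the origin must be echoed.
    if (allowOrigin !== req.origin)
      problems.push("allow-origin must equal the request origin when credentials are sent");
    if (resp["access-control-allow-credentials"] !== "true")
      problems.push("allow-credentials is not true");
  } else if (allowOrigin !== "*" && allowOrigin !== req.origin) {
    problems.push("origin not allowed");
  }
  const wildcard = !req.credentials; // "*" in the lists only counts without credentials
  const allowedHeaders = list(resp["access-control-allow-headers"]);
  for (const h of (req.headers || []).map((s) => s.toLowerCase())) {
    const listed = allowedHeaders.includes(h) ||
      (wildcard && allowedHeaders.includes("*") && h !== "authorization");
    if (!SAFE_HEADERS.includes(h) && !listed)
      problems.push(`request header "${h}" is not in allow-headers`);
  }
  const allowedMethods = list(resp["access-control-allow-methods"]);
  const m = (req.method || "GET").toLowerCase();
  if (!SAFE_METHODS.includes(m) && !allowedMethods.includes(m) &&
      !(wildcard && allowedMethods.includes("*")))
    problems.push(`method ${m.toUpperCase()} is not in allow-methods`);
  return problems;
}

const origin = "http://localhost:8080"; // Swagger-UI host from the post
console.log(corsProblems(observed, { origin, method: "GET" }));
console.log(corsProblems(observed, { origin, method: "GET", headers: ["api_key"] }));
console.log(corsProblems(observed, { origin, method: "GET", credentials: true }));
```

Comparing these results with the failing request in the browser's network tab (its method, custom headers, and whether credentials are sent) narrows down which of the response headers is the one being rejected.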