The Cross-Origin Resource Sharing (CORS) Policy returns HTTP 403 (Forbidden) when 'APICAST_PATH_ROUTING=true' on Red Hat 3scale API Management
Issue
- If the
Cross-Origin Resource Sharing (CORS)
CORS Policy is not enabled for all theServices
, thepreflight HTTP OPTIONS
request will fail and return a403 (Forbidden)
response. - When we define a CORS policy for an
API
usingAPICAST_PATH_ROUTING=true
, it is not effective unless we have the sameCORS
policy on all the Red Hat 3scaleAPIs
.
Environment
- Red Hat 3scale API Management
- SaaS
- 2.X On-premises
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.