Forum Discussion
AltocumulusCORS with API calls
There is a disable options for the 2 policies in the advanced options under the route as stop them when they are globally enabled under the entire LB just for a route that matches specific URLs and hosts.
MVPI suspect your API client does not support CORS as this is more of a browser feature as to protect the browsers to get redirected to external domains by an attacker. Better have 2 XC VIP one for API and one for browsers or if you know the API urls to make XC routes to disable CORS just for those URL.
See:
https://beeceptor.com/docs/concepts/cors/
Teddy_BrewskiThank you Nikoolayy1
We confirmed that our API clients do not send origin header, hence it's blocked.
We use one load balancer with multiple routes where traffic is routed based on Host headers.
Cross-Site Request Forgery Protection option is enabled globally (on the load balancer level) with all domains listed. I see CORS Policy and CSRF Policy under Advanced Options (in Route section), but none are configured. How can I use XC routes?
- Nikoolayy1
There is a disable options for the 2 policies in the advanced options under the route as stop them when they are globally enabled under the entire LB just for a route that matches specific URLs and hosts.