Request fails with Unknown header added in "Chrome Restlet Client"
Article ID: 113199
STARTER PACK-7CA Rapid App SecurityCA API Gateway
Request fails with Unknown header added in "Chrome Restlet Client" API-GW : About adding unknown headers from "Chrome Restlet Client"
"500 Internal Server Error" is returned when API is accessed in the following environment Chrome Restlet Client
Publish API from API Portal in the integrated environment of API Portal and API Gateway. When accessing the API in the above environment, the following HTTP header was added, resulting in 500 Internal Server Error. Origin: chrome-extension: // aejoelaoggembcahagimdiliamlcdmfm
At that time, the following was recorded in the log.
[WARNING 415 com.l7tech.external.assertions.cors.server.ServerCORSAssertion: -5: Origin not allowed: chrome-extension://aejoelaoggembcahagimdiliamlcdmfm]
This problem occurs in the integrated environment of Portal 4.0 and API Gateway.
API Gateway 9.2 API Portal 4.0 Chrome Restlet Client
If request is sent from the Restlet Client, the following will be appended to the HTTP header. origin:chrome-extension://aejoelaoggembcahagimdiliamlcdmfm This happens when the method of Restlet Client is other than GET. Also, when sending a request to API published from API Portal, "Portal Service Preface fragment" is called. "Portal Service Preface Fragment" checks the Origin header and fails if it does not match the URL of the requesting source (portal tenant). If the HTTP header is [origin: chrome-extension: // aejoelaoggembcahagimdiliamlcdmfm], it does not match the requesting URL. So, "500 Internal Server Error" occur. This is a problem of "Restlet Client"
Add appropriate headers with "Restlet Client" and send request. Name : Origin Value : "URL of Portal tenant" (for example: http://portaltenant1.ca.com or https://portaltenatn1.ca.com)