search cancel

Request fails with Unknown header added in "Chrome Restlet Client"

book

Article ID: 113199

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

Request fails with Unknown header added in "Chrome Restlet Client"
API-GW : About adding unknown headers from "Chrome Restlet Client"

"500 Internal Server Error" is returned when API is accessed in the following environment 
 Chrome 
 Restlet Client 


Publish API from API Portal in the integrated environment of API Portal and API Gateway.
When accessing the API in the above environment, the following HTTP header was added, resulting in 500 Internal Server Error. 
Origin: chrome-extension: // aejoelaoggembcahagimdiliamlcdmfm 

At that time, the following was recorded in the log. 


[WARNING 415 com.l7tech.external.assertions.cors.server.ServerCORSAssertion: -5: Origin not allowed: chrome-extension://aejoelaoggembcahagimdiliamlcdmfm]

This problem occurs in the integrated environment of Portal 4.0 and API Gateway.

Cause

If request is sent from the Restlet Client, the following will be appended to the HTTP header.
  origin:chrome-extension://aejoelaoggembcahagimdiliamlcdmfm 
This happens when the method of Restlet Client is other than GET.
Also, when sending a request to API published from API Portal, "Portal Service Preface fragment" is called.
"Portal Service Preface Fragment" checks the Origin header and fails if it does not match the URL of the requesting source (portal tenant).
If the HTTP header is [origin: chrome-extension: // aejoelaoggembcahagimdiliamlcdmfm], it does not match the requesting URL.
So, "500 Internal Server Error"  occur.
This is a problem of "Restlet Client"

Environment

API Gateway 9.2
API Portal 4.0
Chrome 
Restlet Client 

 

Resolution

Add appropriate headers with "Restlet Client" and send request.
Name  : Origin 
Value : "URL of Portal tenant" 
         (for example:   http://portaltenant1.ca.com or https://portaltenatn1.ca.com)