search cancel

Request fails with Unknown header added in "Chrome Restlet Client"


Article ID: 113199


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway


Request fails with Unknown header added in "Chrome Restlet Client"
API-GW : About adding unknown headers from "Chrome Restlet Client"

"500 Internal Server Error" is returned when API is accessed in the following environment 
 Restlet Client 

Publish API from API Portal in the integrated environment of API Portal and API Gateway.
When accessing the API in the above environment, the following HTTP header was added, resulting in 500 Internal Server Error. 
Origin: chrome-extension: // aejoelaoggembcahagimdiliamlcdmfm 

At that time, the following was recorded in the log. 

[WARNING 415 com.l7tech.external.assertions.cors.server.ServerCORSAssertion: -5: Origin not allowed: chrome-extension://aejoelaoggembcahagimdiliamlcdmfm]

This problem occurs in the integrated environment of Portal 4.0 and API Gateway.


API Gateway 9.2
API Portal 4.0
Restlet Client 



If request is sent from the Restlet Client, the following will be appended to the HTTP header.
This happens when the method of Restlet Client is other than GET.
Also, when sending a request to API published from API Portal, "Portal Service Preface fragment" is called.
"Portal Service Preface Fragment" checks the Origin header and fails if it does not match the URL of the requesting source (portal tenant).
If the HTTP header is [origin: chrome-extension: // aejoelaoggembcahagimdiliamlcdmfm], it does not match the requesting URL.
So, "500 Internal Server Error"  occur.
This is a problem of "Restlet Client"


Add appropriate headers with "Restlet Client" and send request.
Name  : Origin 
Value : "URL of Portal tenant" 
         (for example: or