CA API Gateway: Process CORS Assertion Accepted Headers
search cancel

CA API Gateway: Process CORS Assertion Accepted Headers

book

Article ID: 115800

calendar_today

Updated On:

Products

CA Rapid App Security CA API Gateway

Issue/Introduction



What is the purpose of the "Accepted Headers" tab of the Process CORS assertion?
It is observed that passing headers not in this list are accepted whereas an error would be expected.


 

Environment

Release:
Component: APIMBL

Resolution

The assertion will enforce headers as specified using the “Access-Control-Request-Headers” header during the CORS pre-flight request. 

However, in the case of a simple CORS request (as opposed to a complex request, preflight request + actual request) this will not be enforced.