Access-Control-Allow-Origin on tyk gateway

Imported Google Group message. Original thread at: Redirecting to Google Groups Import Date: 2016-01-19 21:14:07 +0000.
Sender:S. Alexander Zaman.
Date:Tuesday, 26 May 2015 23:17:11 UTC+1.

Hello. I am trying to use tyk from my prototype angular website on a different domain. I have been trying to make calls to my api I’ve created in tyk but the calls are being blocked by my browser because of cors / Access-Control-Allow-Origin issues:

XMLHttpRequest cannot load http://localhost:8888/api/items. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63342' is therefore not allowed access. The response had HTTP status code 400.

If I were just using a straightup flask or tomcat app I could add some code to modify the response header. However I am not sure how to do that in tyk. Do you know how I should modify the tyk gateway so I can serve my api to my website’s XHR calls?

I have set things up using the docker GIST script.

Thanks for reading my post.


Imported Google Group message.
Sender:Martin Buhr.
Date:Wednesday, 27 May 2015 20:34:06 UTC+1.


If you need to add the header to a server block. I would recommend copying and overwriting the nginx.conf file in /opt/home/tyk-dashboard/host-manager/templates this is the file that is used to generate the various nginx confs used by tyke when it creates domain servers using the -v flag.

The -v flag works for files as well as dirs, I would recommend just overloading files independently so you don’t load all of them from your own folder (it’s all there in the docker docs)

As for the 8888 site, if you haven’t set up your domains or hosts properly they will never work, you need the dashboard, the nginx server and your hosts files all to work together before a portal will work.


Imported Google Group message.
Date:Tuesday, 26 May 2015 23:27:24 UTC+1.


If you are using the QuickStart gist then you can modify the tyk_nginx container, you will need to override the nginx.conf in /etc/nginx to allow the appropriate CORS permissions.

If you accessing the gateway directly then you’re out of luck, we recommend serving tyk up from behind a web server so this kind of thing can be managed.

Hope that helps :wink:


Imported Google Group message.
Sender:S. Alexander Zaman.
Date:Wednesday, 27 May 2015 20:09:42 UTC+1.

Hello Martin,

Thank you for your response :slight_smile: . I am trying to follow your advice but I am not familiar with nginx so I am running into some hurdles. Could you explain how I would add it. I’ve uncovered the following so far:

  1. the code I need to add is:
location / {
        add_header 'Access-Control-Allow-Origin' '*';

In addition it needs to be in a server block

  1. I’m using the -v (‘volume’) docker feature to link up the file as you’ve taught me in another post (thanks!)
  2. when I try to add it as an included file in conf.d as cors.conf nginx runs into issues where it tries to load my files from the nginx folder instead of going to the 8080 server to look
  3. when I try to plug in the add header statement into /opt/tyk-dashboard/host-manager/templates/nginx.conf in the server block I get a weird error of:

sed: cannot rename /opt/tyk-dashboard/host-manager/templates/sed3Paikf: Device or resource busy

and the 8888 site does not seem to work

Do you have any advice on where i could put the add headers statement to add the cors-friendly header without breaking the system?

Thanks again for looking into my issue!


  • show quoted text -