Allow CORS to see stats in /member url

eloyucu · October 11, 2016, 4:26pm

Hi everyone.
I am having a trouble of CORS when I am trying to access Domain.com Login.
There is a AJAX query that makes a GET over

http://domain.com/api/public/activity/me/XXXXXXX/XXXXXXXX/4/10/2016/12/10/2016/?p=-1&res=day

but this url throws a 404. After any modifies on the virtual host config file (I am pasting only the concerning at this request):

location /api/ {
            rewrite ^/api/(.*)$ $scheme://$host:3000/api/$1 permanent;
}

And this rule seems that is working because now, I get this other other problem:

 GET http://domain.com:3000/api/public/activity/me/XXXXX/XXXX/4/10/2016/12/10/2016/?p=-1&res=day 
XMLHttpRequest cannot load http://domain.com:3000/api/public/activity/me/XXXXXX/XXXX/4/10/2016/12/10/2016/?p=-1&res=day. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://dev.airgateway.net' is therefore not allowed access. The response had HTTP status code 400.

In the ngnix I allow Access-Control-Allow-Origin.

So… what is the way to allow CORS in the dashboard (the port 3000 is used by dashboard… so I suppose it is which must allow CORS)??
Thank you.

Kos · October 11, 2016, 4:47pm

Hi eloyucu,

the Dashboard doesn’t handle CORS. So I suggest proxying the Dash API or inject headers in an other level.
Can you be more clear on what do you mean by “In the ngnix I allow Access-Control-Allow-Origin.” ?

Thanks,

Kos @ Tyk Support Team

Martin · October 11, 2016, 4:50pm

There are no CORS settings for the dashboard API if you want to use those system endpoints in an AJAX request - you will need to proxy the dashboard endpoint as an API via Tyk gateway to add CORS support :-S

M.

eloyucu · October 11, 2016, 9:19pm

Hi Kos,

What I mean is that I have, on the file /etc/ngnix/ngnix.conf, something like this:

http{
     #more lines
     add_header Access-Control-Allow-Origin *;
}

And… seeing that it didn’t work, I put same on file /etc/ngnix/sites-availability/domain.com

server{
    add_header Access-Control-Allow-Origin *;
    location /api/ {
        rewrite ^/api/(.*)$ $scheme://$host:3000/api/$1 permanent;
    }
    #more lines
}

Isn’t that enough??

eloyucu · October 11, 2016, 9:34pm

Ok!!!
it is done.

My /etc/nginx/sites-availabe/domain.com looks like this:

server{
    listen 80;
    root /opt/dashboard/portal;
    server_name domain.com
   location /api/ {
            rewrite ^/api/(.*) /api/$1 break;

            proxy_set_header Host domain.com:3000;
            proxy_pass          http://domain.com:3000/;
            proxy_redirect off;

            sub_filter '"/' '"/';
            sub_filter_once off;
    }
    #more locations
}

And there is no needing to add add_header Access-Control-Allow-Origin *; in any place.

Thank you.

Kos · October 11, 2016, 11:06pm

Hi eloyucu,

no problem,I’m glad it worked.

Thanks for using Tyk !

Kos,
Tyk Support Team