Take a look at this post:
Basically:
- Add some allowed methods (e.g. `GET`, `POST`, `PUT`)
- The CORS Spec needs `Origin` and `Access-Control-Request-Method` headers for pre-flight requests (OPTIONS)
Here’s it with Tyk Cloud proxying to `example.com`:
```
martinbuhr@diziet-sma ~> curl -vvv -X OPTIONS -H "Origin: http://localhost" -H "Access-Control-Request-Method: GET" https://xxxx.cloud.tyk.io/test/
* Trying 52.205.26.151...
* Connected to xxxx.cloud.tyk.io (52.205.26.151) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.cloud.tyk.io
* Server certificate: Amazon
* Server certificate: Amazon Root CA 1
* Server certificate: Starfield Services Root Certificate Authority - G2
> OPTIONS /test/ HTTP/1.1
> Host: tyk-inc-portal-test.cloud.tyk.io
> User-Agent: curl/7.49.1
> Accept: */*
> Origin: http://localhost
> Access-Control-Request-Method: GET
>
< HTTP/1.1 200 OK
< Access-Control-Allow-Methods: GET
< Access-Control-Allow-Origin: http://localhost
< Access-Control-Max-Age: 24
< Cache-control: no-cache="set-cookie"
< Content-Type: text/plain; charset=utf-8
< Date: Wed, 19 Oct 2016 16:39:47 GMT
< Set-Cookie: AWSELB=A15351871EED3822C057D8653DCD7A0559A3D6489F2EDAC519C3F56B76311F575866272757EC31C283199D6E83B43D6BCC3F4FED505E505A88E6DF63FD899D66D2925504F1;PATH=/;MAX-AGE=180
< Vary: Origin
< Vary: Access-Control-Request-Method
< Vary: Access-Control-Request-Headers
< Content-Length: 0
< Connection: keep-alive
<
* Connection #0 to host xxx.cloud.tyk.io left intact
```
And for standard GET requests etc., you’ll need to ensure an origin header is present.
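The check done by eye on the `curl -v` output above can be scripted. This is an added example, not part of the original post and not Tyk code: the function names are hypothetical, `SAMPLE` is a constructed transcript with a placeholder host, and it assumes a non-credentialed request.

```python
SAFELISTED = {"GET", "HEAD", "POST"}  # methods a preflight response need not list

def parse_curl_verbose(text):
    """Split `curl -v` output into request ('> ') and response ('< ') headers."""
    req, resp, status = {}, {}, None
    for line in text.splitlines():
        if line[:2] not in ("> ", "< "):
            continue  # skip curl's own '*' lines and the bare '>' / '<' separators
        headers, body = (req if line[0] == ">" else resp), line[2:].strip()
        if line[0] == "<" and body.startswith("HTTP/"):
            status = int(body.split()[1])
        elif ":" in body:
            name, value = body.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return req, resp, status

def tokens(values):
    """Flatten repeated, comma-separated header values into a set."""
    return {t.strip() for v in values for t in v.split(",") if t.strip()}

def check_preflight(text):
    """Return a list of problems with the preflight exchange ([] means none)."""
    req, resp, status = parse_curl_verbose(text)
    origin = next(iter(req.get("origin", [])), None)
    method = next(iter(req.get("access-control-request-method", [])), None)
    problems = []
    if origin is None:
        problems.append("request lacks Origin")
    if method is None:
        problems.append("request lacks Access-Control-Request-Method")
    if status is None or not 200 <= status <= 299:
        problems.append(f"status {status} is not 2xx")
    allow_origin = resp.get("access-control-allow-origin", [])
    if origin is not None and allow_origin not in ([origin], ["*"]):
        problems.append("Access-Control-Allow-Origin does not match Origin")
    allowed = {m.upper() for m in tokens(resp.get("access-control-allow-methods", []))}
    if method and "*" not in allowed and method.upper() not in allowed | SAFELISTED:
        problems.append(f"method {method} not in Access-Control-Allow-Methods")
    vary = {v.lower() for v in tokens(resp.get("vary", []))}
    if origin is not None and allow_origin == [origin] and "origin" not in vary:
        problems.append("origin echoed without Vary: Origin (shared-cache risk)")
    return problems

# Constructed sample, modelled on the exchange shown above.
SAMPLE = """\
> OPTIONS /test/ HTTP/1.1
> Host: gateway.example
> Origin: http://localhost
> Access-Control-Request-Method: GET
>
< HTTP/1.1 200 OK
< Access-Control-Allow-Methods: GET
< Access-Control-Allow-Origin: http://localhost
< Vary: Origin
<
"""
```
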