CORS and OPTIONS preflight requests

If I want to use rewrites for some endpoints, do I need to configure rewrite rule also for OPTIONS method for CORS to be managed by Tyk?

Without explicit rewrite rule for OPTIONS, I get 404 not found responses for preflight requests. Am I missing something?

    "path": "{apikey}/intake/v2/rum/events",
    "method": "POST",
    "match_pattern": "(.*)",
    "rewrite_to": "/intake/v2/rum/events"

CORS config part:

"CORS": {
        "enable": true,
        "allowed_origins": [
        "allowed_methods": [
        "allow_credentials": true,
        "max_age": 24,
        "options_passthrough": false

Hi @bkomac, could you answer a couple of questions:

  1. What is your client? (meaning where are you making the initial request from)
  2. Does upstream service support CORS?

I’m testing from Postman.
Upstream does not support CORS. I want Tyk to manage it.


It looks like the problem is on our load balancer (F5), because we are routing different endpoints to different gateways (old one and Tyk). Weird s…t happens in single page apps, where the connection is reused.

Great! I already had a draft prepared stating I couldn’t get the same 404s and maybe enabling debug mode for cors and checking debug logs might show what the issue is.

Glad to know the issue was discovered.

1 Like