Couple of CORS questions

Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/JPwIzBibpY4 Import Date: 2016-01-19 21:25:08 +0000.
Sender:Richard Hulm.
Date:Thursday, 24 September 2015 11:56:58 UTC+1.

Hi Martin,

Couple of quick questions about CORS setup for APIs.

a) Is there a way of adding CORS settings when importing an API through this API? https://tyk.io/advanced-api-v0-9/api-definitions/

Was just wondering if the docs were out of date with the update?

b) Is there a way of specifying CORS headers to add on a per-key basis? Was wondering if we could allow people to register to use our application, and set a specfic cors header that would mean the gateway could work with their front end, rather than having to do wildcard.

Cheers,

Imported Google Group message.
Sender:Martin Buhr.
Date:Friday, 25 September 2015 07:02:36 UTC+1.

Hi Richard,

a) Yep it’s the same object as the regular API, so you should be able to add the CORS data to the api_definition object just like you would with a text-based API definition. Will need to update the dcos to reflect the new object structure.

b) Interesting idea, so if a user signs up, when you create the key, you add their domain to their key data, and then it gets added to the CORS definition… This isn’t supported at the moment on a key basis. But you could just add the domain to the api definition CORS section and push it into Tyk to have it hot-load?

Let me know if that makes sense :slight_smile:

Cheers,
Martin

Imported Google Group message.
Sender:Richard Hulm.
Date:Friday, 25 September 2015 09:02:45 UTC+1.

That sounds good, I’ll look into figuring out the syntax of that so we can at least automate that for the time being

b) That’s not a bad workaround, but it would get complicated in situations where two users both added the same domain for the cors header, then if one tried to remove it, would it get removed for both? As in the API definition it wouldn’t be directly associated with a user…

I’ll raise a feature request on github for this so it can be considered for the future, I agree updating the api-definition to add each user’s CORs header would be a workaround, but it feels like it could grow to unmanageable size quite quickly

  • show quoted text -

Imported Google Group message.
Sender:Martin Buhr.
Date:Friday, 25 September 2015 11:57:19 UTC+1.

Hi Richard,

Excellent - completely agree on your use case, will see what can be done.

Cheers,
Martin