Enable crossdomain when using TYK


#1

Imported Google Group message. Original thread at: https://groups.google.com/forum/#!topic/tyk-community-support/ZZfRsuwzRkw Import Date: 2016-01-19 21:19:25 +0000.
Sender:Jayadatta Vallabhaneni.
Date:Tuesday, 4 August 2015 18:09:56 UTC+1.

Hi Martin,

We are trying to use TYK to protect a service that is called from the browser. When the call is getting initiated, we are observing cross domain issue. Is there any configuration that we can use to allow cross-domain?

Thanks,
Jayadatta


#2

Imported Google Group message.
Sender:Martin Buhr.
Date:Tuesday, 4 August 2015 19:43:48 UTC+1.

Hi Jay,
We haven’t looked at CORS at all yet, but will put it on the roadmap.
The easiest thing to do would be to use nginx to URL rewrite a sub-domain or directory for the web app to Tyk as an upstream proxy. That would completely solve the CORS issue.
In fact, this is what the host manager does (bundled with the dashboard), it basically manages an nginx instance. In your case you might not need this though, as it’s designed to manage multiple API definitions across domains, so you could manually configure it. If you take a look at the templates folder that comes with the host manager you can see a way to handle the rewrite easily.
Let me know if that’s a feasible option for you.
Cheers,
Martin


#3

Imported Google Group message.
Sender:Martin Buhr.
Date:Tuesday, 4 August 2015 20:21:08 UTC+1.

Just thought of another option, it’s not pure CORS but should work if you are running 1.7
You can use the response header injector to inject the Access Control header for the domain manually:
Access-Control-Allow-Origin: foo.com
You would need to do this to each API endpoint that is being accessed though.
If you are using a file based configuration then there is a way to make the response headers global by adding them to the response header configuration. Docs are here:
https://tyk.io/v1.7/api-management/transformations/
Obviously this will only work if you have a single inbound domain.
Let me know how it goes,
Thanks,
Martin


#4

Imported Google Group message.
Sender:Martin Buhr.
Date:Tuesday, 4 August 2015 22:22:44 UTC+1.

Hi Jayadatta,
So I’ve added CORS support to v1.8, it will be part of the next release. See the changelog in the GitHub repo to see details.
We’ve completed most of the features for the next release, just need to get all of those features into the dashboard (actually a harder problem, would you believe it?).
Cheers,
Martin


#5

Imported Google Group message.
Sender:Jayadatta Vallabhaneni.
Date:Tuesday, 4 August 2015 23:01:18 UTC+1.

Thanks Martin.

I am planning to use Nginx to rewrite the URL.I think this addresses my need for now.

Do you have any tentative time-frame in mind for v1.8?

Regards,
Jayadatta

  • show quoted text -

#6

Imported Google Group message.
Sender:Martin Buhr.
Date:Tuesday, 4 August 2015 23:03:11 UTC+1.

Sounds good :slight_smile:

I think the next version is still a month away at least, there’s a lot of new UI to pack in, docs to write and bugs to fix.

Cheers,
Martin