While using OLS, we need for a project to access an API from a provider that is not CORS-configured (no Access-Control-Allow-Origin), and we also need to send an API key which needs to be hidden from the client side.
So the desired solution is to use a vhost that has a rewrite rule similar to the one below:
RewriteRule ^/?api/(.*)$ http://domain.com/api/$1?apikey=12345678 [P,QSA]
which will proxy all requests to local /api/ to the http://domain.com/api/ endpoint and also attach the required apikey.
We have added to the vhost the proper External App configuration to be able to proxy.
The proxy solution is working without any issues when using the local /api/ endpoint in all AJAX requests.
But we want to call the /api/ using a different subdomain from the main website's one for tracking purposes, and in order for this to work we need to set up the CORS headers properly.
We created for the same vhost a context using an exp:/.* rule (so that it applies to all requests) and in the Header Operations section we added:
Header set Access-Control-Allow-Origin "*"
All requests to this vhost different from /api/ ones are getting the correct header and CORS is working.
The /api/ ones that use the proxy using a rewrite rule do not have the above mentioned header.
Can anyone help us understand whether that is desired functionality (header stripping) or a bug in OLS?
Do we need to modify some other setting in order for the header to be returned for proxied requests as well?
Thank you!
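
An added illustration, not part of the original post and not OpenLiteSpeed configuration: this Python sketch models what the setup described above has to do for /api/ requests, namely attach the key server-side and put the CORS header on the proxied response itself. The origin allowlist, the function names and the choice to drop a client-supplied apikey are assumptions of this example; the upstream URL and key are the placeholders from the post's rule.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Assumptions of this example: the allowlist, its sample origins and the
# function names are hypothetical. Upstream URL and key are the placeholders
# from the post's RewriteRule.
UPSTREAM = "http://domain.com/api/"
API_KEY = "12345678"
ALLOWED_ORIGINS = {"https://www.example.com", "https://app.example.com"}
API_PATH = re.compile(r"^/?api/(.*)$")  # same pattern as the RewriteRule


def upstream_url(path, query=""):
    """Map a local /api/ request to the upstream URL with the key attached.

    The client's query string is carried over (as QSA does), except any
    client-supplied apikey, so only the server-side key reaches upstream.
    """
    m = API_PATH.match(path)
    if m is None:
        return None  # not an /api/ request, nothing to proxy
    params = [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
              if k.lower() != "apikey"]
    return UPSTREAM + m.group(1) + "?" + urlencode([("apikey", API_KEY)] + params)


def cors_headers(origin):
    """Echo the Origin only when allowlisted; always vary caches on Origin."""
    headers = {"Vary": "Origin"}
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
    return headers


def proxied_response_headers(upstream_headers, origin):
    """Headers for the proxied response: upstream's, minus any CORS headers
    it sent, plus the proxy's own CORS policy."""
    merged = {k: v for k, v in upstream_headers.items()
              if not k.lower().startswith("access-control-")}
    vary = [v for k, v in merged.items() if k.lower() == "vary"]
    merged = {k: v for k, v in merged.items() if k.lower() != "vary"}
    merged.update(cors_headers(origin))
    if vary:  # keep upstream's Vary values alongside Origin
        merged["Vary"] = ", ".join(vary + ["Origin"])
    return merged
```

Echoing an allowlisted origin instead of sending "*" keeps other sites' scripts from reading responses obtained through the proxy with the hidden key.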