How to configure AKAMAI rules to allow OPTION followed by POST request as it CORS request

Hello,

We are trying to request POST call to internal server where request is passed through AKAMAI. It is CORS request
We can see in web server logs that the OPTIONs call are reaching to web whereas we have to add the headers manually.

The error which we see in google console is:

Access to fetch at ‘https://www-uk-ftprdeu.farnell.com/wcs/resources/store/10151/external/auth/token?responseFormat=json’ from origin ‘https://swagger-for-confluence.warsawdynamics.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

Can anyone suggest how to allow this error to pass through AKAMAI ?

Hi @ajakhadi , welcome! Typically when we see this we add a rule which simply adds the Access-Control-Allow-Origin response header with the value of the origin request header. It’s quite easy to do in the Control Centre, but it effectively removes that CORS control. If that’s OK, then go for it. If you wanted to be a bit more specific, you could only set the ACAO header if the origin request header has one of a list of pre-approved values, again which you can do easily in Property Manager. Just have a rule which matches on the origin request header values, then if matched extract the value and set the ACAO header

1 Like