My Oracle Support Banner

CORS Filter Is Not Filtering Requests When Origin Header Is Not Set In Request Calls (Doc ID 2808825.1)

Last updated on OCTOBER 04, 2021

Applies to:

Oracle API Platform Cloud Service - Version N/A to N/A
Information in this document applies to any platform.


While testing CORS filter in Postman tool, found below behavior:

The CORS filter is not restricting incoming request when Origin header is not set.
If the Origin is set, then filter is validating value. However, if the header is missing and CORS is enabled for specific domain, then filter is not restricting those transactions.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.