My Oracle Support Banner

CORS Filter Is Not Filtering Requests When Origin Header Is Not Set In Request Calls (Doc ID 2808825.1)

Last updated on NOVEMBER 18, 2023

Applies to:

Oracle API Platform Cloud Service - Version N/A to N/A
Information in this document applies to any platform.

Symptoms

While testing CORS filter in Postman tool, found below behavior:

The CORS filter is not restricting incoming request when Origin header is not set.
If the Origin is set, then filter is validating value. However, if the header is missing and CORS is enabled for specific domain, then filter is not restricting those transactions.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.