CORS Filter Is Not Filtering Requests When Origin Header Is Not Set In Request Calls
(Doc ID 2808825.1)
Last updated on NOVEMBER 18, 2023
Applies to:
Oracle API Platform Cloud Service - Version N/A to N/AInformation in this document applies to any platform.
Symptoms
While testing CORS filter in Postman tool, found below behavior:
The CORS filter is not restricting incoming request when Origin header is not set.
If the Origin is set, then filter is validating value. However, if the header is missing and CORS is enabled for specific domain, then filter is not restricting those transactions.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |