WSO2 API Manager CORS

Question

I\'d like to enable CORS on my WSO2 API Manager instance for all endpoints. I\'ve been through the documentation (which is great) and it suggests altering the r

Answer 1

CORS configurations are valid for the APIs created using the Publisher applications. The token apis (- '/token', '/revoke') are not covered from this configurations.

CORS headers are handled using a handler

org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler

If you open a synapse configuration for an api in /repository/deployment/server/synapse-configs/default/api you would find this handler.

You can set this handler to the RevokeAPI.xml and TokenAPI.xml as well. (these are in the same location /repository/deployment/server/synapse-configs/default/api). It would be something like this in the configuration file