I have configured API Gateway to call a Cloud Function, and we have also configured a load balancer for this API Gateway host. But we are facing a CORS issue when we invoke this load balancer endpoint from our web application.
Question 1: Please guide me on how to add CORS support in the API config OpenAPI YAML file.
Question 2: How do I add a custom authentication endpoint to this OpenAPI config YAML file?
High level flow: webapp --> load balancer url --> API-Gateway --> CloudFunction
I have added CORS backend support at cloud function as per the GCP link: https://cloud.google.com/functions/docs/writing/http#authentication_and_cors
Cloud Function code as follows:
    import com.google.cloud.functions.HttpFunction;
    import com.google.cloud.functions.HttpRequest;
    import com.google.cloud.functions.HttpResponse;
    import com.google.gson.Gson;
    import java.io.BufferedWriter;
    import java.net.HttpURLConnection;
    import java.util.logging.Logger;

    public class Demand implements HttpFunction {
        private static final Logger logger = Logger.getLogger(Demand.class.getName());
        // Use GSON (https://github.com/google/gson) to parse JSON content.
        private static final Gson gson = new Gson();

        @Override
        public void service(HttpRequest request, HttpResponse response) throws Exception {
            String contentType = request.getContentType().orElse("");
            logger.info(() -> "contentType: " + contentType);
            // Set CORS headers
            // Allows GETs from any origin with the Content-Type
            // header and caches preflight response for 3600s
            response.appendHeader("Access-Control-Allow-Origin", "*");
            System.out.println("Added preflight options request support::::::::::");
            if ("OPTIONS".equals(request.getMethod())) {
                System.out.println("OPTIONS::::::::::::::::");
                response.appendHeader("Access-Control-Allow-Methods", "*");
                response.appendHeader("Access-Control-Allow-Headers", "Content-Type");
                response.appendHeader("Access-Control-Max-Age", "3600");
                response.setStatusCode(HttpURLConnection.HTTP_NO_CONTENT);
                return;
            }
            // Handle the main request.
            BufferedWriter writer = response.getWriter();
            writer.write("CORS headers set successfully!");
        }
    }
Open-API spec below:
    ---
    info:
      description: Sample API on API Gateway with a Google Cloud Functions backend
      title: trigger-post
      version: 1.0.0
    paths:
      /triggerondemand:
        post:
          consumes:
            - application/json
          operationId: triggerondemand
          parameters:
            - description: triggerondemand.
              in: body
              name: ondemand
              schema:
                properties:
                  fileStatus:
                    type: string
                type: object
          responses:
            '201':
              description: Created
          summary: triggerondemand
          x-google-backend:
            address: >-
              https://us-east1-neodev-305805.cloudfunctions.net/demand
    produces:
      - application/json
    schemes:
      - https
    swagger: '2.0'
Browser Error as follows:
Access to XMLHttpRequest at 'https://apitest.dev.app.com/triggerondemand' from origin 'https://dataplatform.dev.app.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Thanks in advance
The answer to both your questions is that this is not possible at the moment.
The GCP API Gateway does not support the handling of CORS at the moment, although it is on the roadmap to be implemented. You can use a workaround to do that, as you can see in this community answer.
In regard to custom authentication, as I described in my answer here:
Unfortunately, the GCP API Gateway does not provide such an option for custom authentication. In order to authenticate using the API Gateway, you have to use one of the alternate authentication methods provided in the documentation.
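
A commonly used workaround for the preflight failure in the question, shown as an added example that is not part of the original answer and not necessarily what the linked community answer describes: declare an `options` operation on the path so the gateway forwards the preflight to the Cloud Function, which already answers `OPTIONS` with the CORS headers. The `operationId`, `summary` and response description of the `options` operation are assumptions; everything else is copied from the question's spec.

```yaml
# Added example: the paths section of the question's spec with an
# options operation next to the existing post operation.
paths:
  /triggerondemand:
    post:
      consumes:
        - application/json
      operationId: triggerondemand
      parameters:
        - description: triggerondemand.
          in: body
          name: ondemand
          schema:
            properties:
              fileStatus:
                type: string
            type: object
      responses:
        '201':
          description: Created
      summary: triggerondemand
      x-google-backend:
        address: >-
          https://us-east1-neodev-305805.cloudfunctions.net/demand
    options:
      # Hypothetical name; operationId must be unique within the spec.
      operationId: triggerondemandPreflight
      summary: CORS preflight, answered by the Cloud Function
      responses:
        '204':
          # Matches HTTP_NO_CONTENT returned by the function for OPTIONS.
          description: Preflight response
      x-google-backend:
        address: >-
          https://us-east1-neodev-305805.cloudfunctions.net/demand
```

The gateway only routes the request here; the `Access-Control-*` headers the browser checks still come from the function's `OPTIONS` branch.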