google cloud platform - GCP Load Balancer / API Gateway CORS issue

Question

I have a API hosted on Google Cloud Run and exposed using API Gateway and GCP's Load Balancer in front of the gateway. This API is supposed to be used by multiple tenants, so the requests will come from different origins.

Right now, whenever I try to access the API from another tenant domain, I'm getting a 404 because of a CORS issue.

When I first setted it up, I was getting an error that the Access-Control-Allow-Origin was not present in the response. Then, I updated the Load Balancer config to add Access-Control-Allow-Origin: '*' to the response's header.

Now, after setting the header, I'm still getting 404 but the error message changed to Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Is there a way I can set the Load Balancer to not block request due to a CORS issue?

question from:https://stackoverflow.com/questions/65907498/gcp-load-balancer-api-gateway-cors-issue

Answer 1

Hi Thiago when requesting the API via XMLHttpRequest (XHR) from the browser, the browser will send two requests: 1st with OPTION method to get preflight header (and this has to be handeled) 2nd the actual request POST/GET/...

To conclude: Test if you can make a request using curl, request from the command line will go through as it won't send OPTION request to your endpoint. If that's true it means you are not allowing OPTION request to your endpoint and that's the problem.

Hope this solves your problem.