· Mar 29

CORS problem from my local to Iris server with a REST API

I built my rest api with ^%REST and update with CreateApplication.
Postman works fine and I suppose production server will work fine as UI and rest api will be on the same domain, but for now in dev, I need to have access from my local to the Iris rest api. I have a CORS error.

I do not know how to configure my swagger file to have either Parameter HandleCorsRequest=1 or <route Cors=true in the generated displ,cls.

As adviced in community, I tried in my impl.cls
    Do ..%SetHeader("Access-Control-Allow-Origin", "*")
I even tried 
     Do ..%SetHeader("Access-Control-Allow-Headers", "*") // Content-Type,X-Amz-Date,Authorization,X-Api-Key
    Do ..%SetHeader("Access-Control-Allow-Methods", "*")
No success

Do I need to set the headers in my swagger file? It is not very elegant....
            statusCode: "200"
              method.response.header.Access-Control-Allow-Headers : "'Content-Type,X-Amz-Date,Authorization,X-Api-Key'"
              method.response.header.Access-Control-Allow-Methods : "'*'"
              method.response.header.Access-Control-Allow-Origin : "'*'"

Do I need to have my own copy of disp.cls?

Do you have an elegant solution to manage dev and production to do the switch cors or not cors?

Thank you.

Product version: IRIS 2022.1
Discussion (3)2
Log in or sign up to continue

I solved my problem. I do not need anymore Access-Control-Allow-Origin: *, HandleCorsRequest, or x-ISC_DispatchParent. No change in iris code
My UI is in angular, I created a proxy

    "/api/air": {
    "target": "",
     "secure": false,
     "changeOrigin": true

And my angular server running on http:://localhost:4200 call the api with the url http://localhost:4200/api/air.

A excellent article about cors: