CodexBloom - Programming Q&A Platform

Challenges with OCI API Gateway Authentication and CORS Configuration

👀 Views: 184 💬 Answers: 1 📅 Created: 2025-10-17
oci api-gateway jwt cors microservices json

I'm trying to implement I'm trying to debug After trying multiple solutions online, I still can't figure this out. During development of our microservices architecture, I've been tasked with configuring the API Gateway on OCI to properly handle authentication and CORS. The goal is to create a seamless experience for our frontend while ensuring that all security measures are in place.

I've set up the API Gateway to accept JWT tokens for authentication. Here's a snippet of how I configured it:

```json
{
  "authentication": {
    "type": "jwt",
    "jwt": {
      "issuer": "https://my-auth-provider.com",
      "audience": "my-api-audience"
    }
  }
}
```

However, whenever our frontend makes requests, I frequently run into CORS issues. The browser console displays this error: `Access-Control-Allow-Origin' header is missing`.

To troubleshoot, I've added the necessary CORS headers in the API Gateway settings to allow requests from our frontend domain. Here's what I added:

```json
{
  "cors": {
    "allowOrigins": ["https://my-frontend.com"],
    "allowMethods": ["GET", "POST", "OPTIONS"],
    "allowHeaders": ["Authorization", "Content-Type"]
  }
}
```

Despite these configurations, the CORS errors persist. I've tested the endpoint directly using Postman, and it responds fine without CORS issues, which leads me to believe the problem lies specifically in how the API Gateway is relaying this information.

Looking for insights on what could be misconfigured or overlooked. Has anyone faced a similar scenario with OCI API Gateway, particularly regarding JWT authentication and CORS settings? What's the best practice here? The project is a REST API built with JSON. What would be the recommended way to handle this? The stack includes JSON and several other technologies. Am I missing something obvious?
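Postman does not enforce CORS, while a browser first sends an `OPTIONS` preflight that carries no `Authorization` header and only proceeds if that preflight passes. The following is an added example, not part of the original post and not OCI code: it replays the browser's preflight checks against constructed responses. The function name `checkPreflight` and the 401 sample (a gateway that applies JWT validation to `OPTIONS`) are assumptions for illustration.

```javascript
// Added example: replays the browser's CORS preflight checks offline.
// Every response below is a constructed sample, not gateway output.

// Split a comma-separated header value into lower-case tokens.
const tokens = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Returns the reasons a browser would block the request (empty = allowed).
function checkPreflight(req, res) {
  const h = Object.fromEntries(Object.entries(res.headers).map(([k, v]) => [k.toLowerCase(), v]));
  const problems = [];
  // The preflight carries no Authorization header, so an auth policy that
  // also covers OPTIONS answers it with 401 and the browser stops here.
  if (res.status < 200 || res.status > 299) problems.push(`preflight status ${res.status} is not 2xx`);
  const acao = h["access-control-allow-origin"];
  if (!acao) problems.push("Access-Control-Allow-Origin header is missing");
  else if (acao !== "*" && acao !== req.origin) problems.push(`origin ${req.origin} is not allowed`);
  // GET, HEAD and POST are CORS-safelisted methods; others must be listed.
  const methods = tokens(h["access-control-allow-methods"]);
  const m = req.method.toLowerCase();
  if (!["get", "head", "post"].includes(m) && !methods.includes(m) && !methods.includes("*"))
    problems.push(`method ${req.method} is not allowed`);
  const allowed = tokens(h["access-control-allow-headers"]);
  for (const name of req.headers.map((n) => n.toLowerCase())) {
    // "*" never covers Authorization; it has to be listed by name.
    const ok = allowed.includes(name) || (allowed.includes("*") && name !== "authorization");
    if (!ok) problems.push(`request header ${name} is not allowed`);
  }
  return problems;
}

// The frontend call from the question: JSON POST with a bearer token.
const request = { origin: "https://my-frontend.com", method: "POST", headers: ["Authorization", "Content-Type"] };

// Constructed: preflight rejected because JWT validation also ran on OPTIONS.
const rejectedPreflight = { status: 401, headers: { "WWW-Authenticate": "Bearer" } };

// Constructed: preflight answered with the CORS values from the question.
const acceptedPreflight = {
  status: 204,
  headers: {
    "Access-Control-Allow-Origin": "https://my-frontend.com",
    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
    "Access-Control-Allow-Headers": "Authorization, Content-Type",
  },
};

// Constructed: wildcard header list, which leaves Authorization uncovered.
const wildcardPreflight = { status: 204, headers: { ...acceptedPreflight.headers, "Access-Control-Allow-Headers": "*" } };

for (const r of [rejectedPreflight, acceptedPreflight, wildcardPreflight]) console.log(checkPreflight(request, r));
```

To compare against a real deployment, paste the status and headers of the `OPTIONS` response from the browser's network tab into a response object of the same shape.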