Access-Control-Allow-Credentials Headers are set twice

[Mike Omondi]

Krakend API gateway errors out but the request in the upstream service returns a status code of 200. This is due to Access-Control-Allow-Credentials headers being set twice. I don't know if is because both the API gateway sets this in the config file and express server sets this in the CORS middleware configuration. 

[Albert Lombarte]

Hi,

You can block any headers from reaching your backend by adding a Martian modifier to the following extra configuration:

"backend": [

{

"url_pattern": "...",

"extra_config": {

"modifier/martian": {

"header.Blacklist": {

"scope": ["request"],

"names": ["Access-Control-Allow-Credentials"]

}

}

}

}

],

Hope this helps

El dia dilluns, 2 d’octubre de 2023 a les 18:06:30 UTC+2, mike.ted...@gmail.com va escriure:

[Mike Omondi]

I have tried adding the extra configuration for modifying the response headers using the Martian modifier but there is no effect, the headers still duplicate in the response. I don't understand why.
For example, as from the earlier request made when I want to refresh a token using this route it return a status of 200 OK but the error stops the request from redirecting to another page from the client side.

[Mike Omondi]

Thanks for your reply.

Is there any other configurations that I am missing for setting up the Martian modifier? 

On Wednesday, October 11, 2023 at 10:32:35 AM UTC+3 Albert Lombarte wrote: