How can I set up CORS for the AA server so that my web app on a different domain can access the AA API?

  • 15 June 2022
  • 1 reply

I tried by adding the following middleware to the rules.toml traefik configuration file (added and removed the lines commented out to try to make it work):


   accessControlAllowMethods= ["GET", "OPTIONS", "PUT", "POST"]

   accessControlAllowOriginList = "*"

   accessControlMaxAge = 100

addVaryHeader = true

  # accessControlAllowCredentials = true

  # isDevelopment = true

# accessControlAllowHeaders = true


I then added the middleware to the routers:


 rule = "PathPrefix(`/v1`,`/v2`,`/v3`,`/configurations`,`/realtimeservice`,`/assets/botinsight`) && Method(`GET`,`POST`,`PUT`,`DELETE`,`PATCH`)"

 service = "app"

 priority = 5

 entrypoints = ["web", "websecure"]

 middlewares = ["sameOrigin", "typicalCsp", "noCache", "secHeaders", "sts", "cors"]


It shows the {‘Access-Control-Allow-Origin’ : * } header as being set when I visit

myAADomain/v1/authentication on Postman

postman-headersor through AA's swaggerswagger-headersbut it won't work when I try to access it through the web app we're building:

web-app-header-errorweb-app-header-network-2web-app-header-network-1A similar question was asked at this link and it remains unanswered:;s1oid=00D90000000gDTd&s1nid=0DB6F000000oMPS&emkind=chatterCommentNotification&s1uid=0052t000000r7jA&emtm=1654162916519&fromEmail=1&s1ext=0

1 reply

Userlevel 7
Badge +10

Hello @Marius Maries​ 


I hope you are doing well.



I would request to raise a support case with these details so the support engineer can help you to resolve the issue.