Cloud Endpoints Handler SSL redirect blocked by CORS

Question

I would like my Cloud Endpoints API to be called with HTTPS. My app.yaml file contains the following:

# The endpoints handler must be mapped to /_ah/api.
- url: /_ah/api/.*
  script: main.api
  secure: always

If a client (i.e. website) makes an insecure (HTTP) call to the endpoint URL, App Engine performs a redirect to the secure version (HTTPS)

For example, suppose my App Engine app is at http://api.endpoints.my-app.appspot.com and the API endpoint for making a HTTP GET request to the method mymethod is:

http://api.endpoints.my-app.appspot.com/_ah/api/myapp/v1/mymethod

App Engine redirects to the HTTPS version:

https://api.endpoints.my-app.appspot.com/_ah/api/myapp/v1/mymethod

However, the redirect from is blocked:

blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.

How can I add the required header to my resource (i.e. my Cloud Endpoints API on App Engine)? Google's documentation states CORS is enabled by default on App Engine Standard - which is what I'm using. So I'm unsure why this is even a problem.

Yang Guan Yang Guan · Accepted Answer · 2017-03-22T05:02:11

You should be able to configure the Access-Control-Allow-Origin header in app.yml. For your case, please try the following to the app.yml file:

handlers:
- url: /_ah/api/.*
  script: main.api
  secure: always
  http_headers:
    Access-Control-Allow-Origin: http://localhost:4000

Cloud Endpoints Handler SSL redirect blocked by CORS

1 Answers