I'm trying to create some APIs in R with Plumber. I have managed to publish the API on a server and I can access them via browser: Swagger is exposed without any authentication. The code is
# api.R
#* Echo back the input
#* @param msg The message to echo
#* @get /echo
function(msg="") {
list(msg = paste0("The message is: '", msg, "'"))
}
#* Plot a histogram
#* @serializer png
#* @get /plot
function() {
rand <- rnorm(100)
hist(rand)
}
#* Return the sum of two numbers
#* @param a The first number to add
#* @param b The second number to add
#* @post /sum
function(a, b) {
as.numeric(a) + as.numeric(b)
}
#* @filter cors
cors <- function(res) {
res$setHeader("Access-Control-Allow-Origin", "*")
plumber::forward()
}
and there are working.
I want to protect them and I think to use Azure API Management service. I have created the service and added the APIs using the Swagger document. Also, I added CORS (as I saw in this post) in the Inbound processing.
In Settings I didn't change anything although I should use OpenID connect.
There is a simple api /echo that requires msg as parameter. If I run the test for this api, I receive 400 Bad Request.
In the Trace I have this error for 3 times:
cors (0.020 ms) "Origin header was missing or empty and the request was classified as not cross-domain. CORS policy was not applied."
I can't find what the error is about. Also, I Enable CORS in the Developer Portal although I think it is totally unrelated.
What did I do wrong? What is the correct configuration?
