How to disable CORS headers from downstream services?

[a510]

I handle CORS in the Gateway project and everything works fine, but some of the downstream services mistakenly add CORS headers to the downstream response (e.g. allow-access-control-origin: *) which breaks the CORS configuration in the Gateway project.
Is there a built-in feature for disabling CORS headers from downstream services ?

[ks1990cn]

Gateway can not do that. Infact no api can change configuration of any other API.

[a510]

I didn't mean to change other APIs. I mean to remove CORS headers from downstream responses and set its own headers before returning the HTTP response.
Note that Ocelot already add some headers to the responses.

[raman-m]

@a510 Hi Ahmad!
Welcome to Ocelot world!

Is there a built-in feature for disabling CORS headers from downstream services ?

No! You have to write special Delegating Handler or Middleware overriding module to process downstream response headers.

[a510]

Thanks for your reply.
I used a Delegating Handler.

[raman-m]

Consider closing the discussion if answered.