When we are having some back to back API calls, on the Web Client side we are hitting CORS issues.
We found that the Request Headers are set correctly but still CORS are hit. We found that internally the APIs error out with Error Code 429 – Too many requests. See image attached. This response header should be set correctly to inform Web Client that the error is 429 and not CORS.
The filter we have is a throttling filter and the Cors issue happens when it return the 429 error
public ThrottlingAttribute(double threshold)
{
Threshold = TimeSpan.FromSeconds(threshold);
}
public override void Execute(IRequest req, IResponse res, object requestDto)
{
var now = DateTime.Now;
var reqIdentity = String.Format("{0}:{1}", requestDto.GetType().Name, req.Headers["x-api-key"]);
if(ExludedApiKeys.Contains(req.Headers["x-api-key"].ToUpper()) || ExludedTestApiKeys.Contains(req.Headers["x-api-key"].ToUpper()))
return;
if (RequestLog.TryAdd(reqIdentity, now))
{
return;
}
DateTime lastCall;
if (!RequestLog.TryGetValue(reqIdentity, out lastCall))
{
return;
}
if (lastCall + Threshold >= now)
{
res.StatusCode = 429;
res.StatusDescription = "Too many Requests. Back-off and try again later.";
res.Close();
return;
}
RequestLog.TryUpdate(reqIdentity, now, lastCall);
}
How can we return the error message correctly from the filter without getting the CORS issues. Other request returning an error inside the services dont get the Cors issues