Request fails with Unknown header added in "Chrome Restlet Client"

Document ID : KB000113199
Last Modified Date : 10/09/2018
Show Technical Document Details
Issue:
Request fails with Unknown header added in "Chrome Restlet Client"
API-GW : About adding unknown headers from "Chrome Restlet Client"

"500 Internal Server Error" is returned when API is accessed in the following environment 
 Chrome 
 Restlet Client 


Publish API from API Portal in the integrated environment of API Portal and API Gateway.
When accessing the API in the above environment, the following HTTP header was added, resulting in 500 Internal Server Error. 
Origin: chrome-extension: // aejoelaoggembcahagimdiliamlcdmfm 

At that time, the following was recorded in the log. 


[WARNING 415 com.l7tech.external.assertions.cors.server.ServerCORSAssertion: -5: Origin not allowed: chrome-extension://aejoelaoggembcahagimdiliamlcdmfm]

This problem occurs in the integrated environment of Portal 4.0 and API Gateway.
Environment:
API Gateway 9.2
API Portal 4.0
Chrome 
Restlet Client 

 
Cause:
If request is sent from the Restlet Client, the following will be appended to the HTTP header.
  origin:chrome-extension://aejoelaoggembcahagimdiliamlcdmfm 
This happens when the method of Restlet Client is other than GET.
Also, when sending a request to API published from API Portal, "Portal Service Preface fragment" is called.
"Portal Service Preface Fragment" checks the Origin header and fails if it does not match the URL of the requesting source (portal tenant).
If the HTTP header is [origin: chrome-extension: // aejoelaoggembcahagimdiliamlcdmfm], it does not match the requesting URL.
So, "500 Internal Server Error"  occur.
This is a problem of "Restlet Client"
Resolution:
Add appropriate headers with "Restlet Client" and send request.
Name  : Origin 
Value : "URL of Portal tenant" 
         (for example:   http://portaltenant1.ca.com or https://portaltenatn1.ca.com)