webRTC integration with API gateway

MIP
, , ,
1

SLC: M01-C01-251-01-6C4B84

Dear Sir/Madam,

We have been hit with a CORS error during the integration process with the [XProtect API Gateway].

Here is what we have done:

Create an appsettings.Production.json file, and added CORS settings

pciture1
pciture1739×480 122 KB

And the file has been successfully loaded.

picture2
picture2738×480 133 KB

However, the error message is still there, and we saw that the token api is successfully called, but Session.

pciture3
pciture3916×480 92.9 KB

Also, we have tried on the server that host all the services, including the WebRTC testing sample code.

pciture4
pciture4743×480 119 KB

pciture5
pciture5745×480 133 KB

Please let me know if you need any details. Thank you so much.

2

We suspect that something is off on your CORS configuration. My approach would be to setup CORS with full access:

“CORS”: {

             "Enabled": true,

             "Access-Control-Allow-Origin": "\*",

             "Access-Control-Allow-Headers": "\*",

             "Access-Control-Allow-Methods": "\*"

         },

and then slowly change things. Could be change Methods and check that the methods they’ve added works. Then Headers and finally Origin and figure out what makes it fail.

3

We have tried this method but not succeed. Any other method to solve the problem?

4

What did you observe? Did you get CORS error even setting this to full access?

5

yes. give full access but still got CORS error

6

You are not seeing any errors when running on 127.0.0.1. Please share the steps you followed when enabling full access. Did you restart IIS or the application pool for API Gateway afterward? I’m asking because I’m having a hard time making sense of what’s going on. Also, please share the logs from API Gateway located at: [C:\ProgramData\Milestone\XProtect](file:C:/ProgramData/Milestone/XProtect) API Gateway\Logs\gateway.log

7

The 127.0.0.1 is showing the server runnig without an issue.

picture13
picture13742×480 104 KB
Yes, I did restart the application pool, even tried the IIS service.

The actual use case is a web console system with domain name “vlenel-easq60.corp.clp.com.hk” calling to milestone api on browser with domain “ncctvmgt-sspq30.corp.clp.com.hk”.

Fyi, we have also tried wild-setting on appsettings.Production.json

“CORS”:{

“Enabled”: true,

“Access-Control-Allow-Origin”: “*”,

“Access-Control-Allow-Credentials”: true,

“Access-Control-Allow-Methods”: “*”,

“Access-Control-Allow-Headers”: “*”

}

8

Hello Benny,

Can we verify that the CORS changes are applied to IIS first before. Can you please open a browser open Chrome Dev tools, navigate to network and load the page. Then make a screenshot of the .html page you are using and more concrete I want to see the headers of that page to be sure that the server is setting the correct CORS headers. I am looking for something like this:

Screenshot 2026-01-08 at 11.37.17
Screenshot 2026-01-08 at 11.37.172521×419 76.9 KB