I've been having issues with this for too long and I am exhausted...
When my web app is calling my IAP-protected API endpoint, I receive the following error:
No 'Access-Control-Allow-Origin' header is present on the requested resource.. What's interesting is that preflight requests and GET requests work.
The failing request is a POST with content-type: multipart/form-data (I am uploading a file). I've been thinking it's something wrong on my API, but I see this header in the response: x-goog-iap-generated-response: true, according to the documentation, this response is generated by IAP.
I couldn't find any solution to this problem, I've modified my IAP options:
accessSettings:
corsSettings:
allowHttpOptions: true
and it still doesn't work. What am I missing here?