Hi @Lily,
I know APIM does allow conditionally overriding header values. You may be able to use the set-body
policy to override as well.
<cors allow-credentials="false">
<allowed-origins>
<origin>https://test.org</origin>
</allowed-origins>
</cors>
<choose>
<when condition="@(context.Request.Headers.GetValueOrDefault("Origin","").Contains("allowedOrigin.com"))">
<set-body template="none" />
</when>
<otherwise />
</choose>
However, what I suggest is setting terminate-unmatched-request
to false, per Scenario 7: terminate-unmatched-request on https://techcommunity.microsoft.com/t5/azure-paas-blog/how-to-troubleshoot-cors-error-in-azure-api-management-service/ba-p/2241695