[Apiman-user] CORS

Eric Wittmann eric.wittmann at redhat.com
Mon Aug 17 12:24:14 EDT 2015 

+1

On 8/17/2015 11:38 AM, Fadi Abdin wrote:
> cool .. you're the man ;)
>
>
> On Mon, Aug 17, 2015 at 11:37 AM, Marc Savy <marc.savy at redhat.com
> <mailto:marc.savy at redhat.com>> wrote:
>
>     I'm actually testing the fix right now. It will land both on the 1.2.x
>     branch and the 1.1.x branch shortly. You should be able to test it out
>     in a short while: I'll send you an email when it's available.
>
>     On 17/08/2015 16:23, Fadi Abdin wrote:
>
>         Thank you Marc,
>         Is there a work around that you can think of ?
>         I'm doing it with angularjs  , very simple
>
>         $http({method: 'GET', url: 'http://server/apiman-gateway/service',
>         headers: {
>               'Authorization': 'Bearer XXXXXXXXXXXXX'}
>         });
>
>         I assume you will fix it in the new version , right?
>
>
>
>         On Mon, Aug 17, 2015 at 10:52 AM, Marc Savy
>         <marc.savy at redhat.com <mailto:marc.savy at redhat.com>
>         <mailto:marc.savy at redhat.com <mailto:marc.savy at redhat.com>>> wrote:
>
>              Hi,
>
>              This is related to the JIRA I linked you to
>              (https://issues.jboss.org/browse/APIMAN-516). Because of
>         the way the
>              policy chain currently works the behaviour of CORS is
>         invalid in a
>              few very specific cases (e.g. when you stack it with an auth
>              policy). I'll let you know when it's fixed.
>
>              Regards,
>              Marc
>
>              On 17/08/2015 15:44, Fadi Abdin wrote:
>
>                  I have a problem in calling a service in apiman-gateway
>         with the
>                  Authorization: Bearer <token> in the header.
>
>                  It seems to preflight OPTIONS and return
>
>                    1.
>                       X-Policy-Failure-Message:
>                       OAuth2 'Authorization' header or 'access_token' query
>                  parameter must
>                       be provided.
>
>                  I am sending the bearer token with the request and i
>         make sure
>                  in the
>                  preflight its sent in the request.
>
>                    1.
>                       Access-Control-Request-Headers:
>                       accept, authorization
>
>                  Does anyone know if there Is something i'm missing ?
>         do i need
>                  to get
>                  authorization enabled or added anywhere ? as a side
>         note i have
>                  below in
>                  my api as well:
>
>                  response.setHeader("Access-Control-Allow-Headers",
>         "Authorization");
>
>
>                  _______________________________________________
>                  Apiman-user mailing list
>         Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
>         <mailto:Apiman-user at lists.jboss.org
>         <mailto:Apiman-user at lists.jboss.org>>
>         https://lists.jboss.org/mailman/listinfo/apiman-user
>
>
>
>
>
>
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>

More information about the Apiman-user mailing list