[Apiman-user] HTTP Methods

[Fadi Abdin]

Hey Eric / Marc,

Everything going good so far with the CORS fix but guessing there is
something still, or maybe i'm doing something wrong ( it always happened to
me ).

I have setup my CORS Policy in API Man and included
"Access-Control-Allow-Methods" : "OPTIONS","GET","POST","DELETE",'PUT".

But i get a 403 and "CORS: Invalid preflight request; must use OPTIONS
verb." on ANY service that is not GET.

OPTIONS Header :


   1. Remote Address:
      172.26.209.66:443
      2. Request URL:

      https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
      3. Request Method:
      OPTIONS
      4. Status Code:
      200 OK
      1. Response Headersview source
      1. Access-Control-Allow-Headers:
      Accept, Authorization, Head
      2. Access-Control-Allow-Methods:
      OPTIONS, GET, POST, DELETE, PUT
      3. Access-Control-Allow-Origin:
      http://localhost:8383
      4. Access-Control-Max-Age:
      0
      5. Connection:
      keep-alive
      6. Date:
      Thu, 27 Aug 2015 18:44:39 GMT
      7. Server:
      WildFly/8
      8. Transfer-Encoding:
      chunked
      9. X-Powered-By:
      Undertow/1
      2. Request Headersview source
      1. Accept:
      */*
      2. Accept-Encoding:
      gzip, deflate, sdch
      3. Accept-Language:
      en-US,en;q=0.8,ar;q=0.6
      4. Access-Control-Request-Headers:
      accept, authorization
      5. Access-Control-Request-Method:
      POST
      6. Cache-Control:
      no-cache
      7. Connection:
      keep-alive
      8. Host:
      dev-internal-api.expdev.local
      9. Origin:
      http://localhost:8383
      10. Pragma:
      no-cache
      11. Referer:

      http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327





POST HEADER


   1. Remote Address:
         172.26.209.66:443
         2. Request URL:

         https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
         3. Request Method:
         POST
         4. Status Code:
         403 Forbidden
         1. Response Headersview source
         1. Access-Control-Allow-Origin:
         http://localhost:8383
         2. Connection:
         keep-alive
         3. Content-Length:
         195
         4. Content-Type:
         application/json
         5. Date:
         Thu, 27 Aug 2015 18:44:39 GMT
         6. Server:
         WildFly/8
         7. X-Policy-Failure-Code:
         400
         8. X-Policy-Failure-Message:
         CORS: Invalid preflight request; must use OPTIONS verb.
         9. X-Policy-Failure-Type:
         Authorization
         10. X-Powered-By:
         Undertow/1
         2. Request Headersview source
         1. Accept:
         application/json, text/plain, */*
         2. Accept-Encoding:
         gzip, deflate
         3. Accept-Language:
         en-US,en;q=0.8,ar;q=0.6
         4. Authorization:
         Bearer
         eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ
         5. Cache-Control:
         no-cache
         6. Connection:
         keep-alive
         7. Content-Length:
         0
         8. Host:
         dev-internal-api.expdev.local
         9. Origin:
         http://localhost:8383
         10. Pragma:
         no-cache
         11.
         12.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150827/2a8f5b9c/attachment-0001.html