[Apiman-user] HTTP Methods

Marc Savy marc.savy at redhat.com
Fri Aug 28 05:53:05 EDT 2015


I think there may have been some overzealous error detection going on. Please try out the latest master/1.1.x.

On 27/08/2015 20:02, Eric Wittmann wrote:
> Hi Fadi.
>
> It's possible this is a bug in the CORS policy or a mis-configuration.
> Hopefully Marc can respond shortly.
>
> One thing I'll say is that you *probably* don't need to include
> "OPTIONS" as one of the allowed CORS methods.
>
> -Eric
>
> On 8/27/2015 2:48 PM, Fadi Abdin wrote:
> > Hey Eric / Marc,
> >
> > Everything going good so far with the CORS fix but guessing there is
> > something still, or maybe i'm doing something wrong ( it always happened
> > to me ).
> >
> > I have setup my CORS Policy in API Man and included
> > "Access-Control-Allow-Methods" : "OPTIONS","GET","POST","DELETE",'PUT".
> >
> > But i get a 403 and "CORS: Invalid preflight request; must use OPTIONS
> > verb." on ANY service that is not GET.
> >
> > OPTIONS Header :
> >
> >       1.
> >          Remote Address:
> >          172.26.209.66:443 <http://172.26.209.66:443>
> >       2.
> >          Request URL:
> >          https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
> >       3.
> >          Request Method:
> >          OPTIONS
> >       4.
> >          Status Code:
> >          200 OK
> >   1. Response Headersview source
> >       1.
> >          Access-Control-Allow-Headers:
> >          Accept, Authorization, Head
> >       2.
> >          Access-Control-Allow-Methods:
> >          OPTIONS, GET, POST, DELETE, PUT
> >       3.
> >          Access-Control-Allow-Origin:
> >          http://localhost:8383
> >       4.
> >          Access-Control-Max-Age:
> >          0
> >       5.
> >          Connection:
> >          keep-alive
> >       6.
> >          Date:
> >          Thu, 27 Aug 2015 18:44:39 GMT
> >       7.
> >          Server:
> >          WildFly/8
> >       8.
> >          Transfer-Encoding:
> >          chunked
> >       9.
> >          X-Powered-By:
> >          Undertow/1
> >   2. Request Headersview source
> >       1.
> >          Accept:
> >          */*
> >       2.
> >          Accept-Encoding:
> >          gzip, deflate, sdch
> >       3.
> >          Accept-Language:
> >          en-US,en;q=0.8,ar;q=0.6
> >       4.
> >          Access-Control-Request-Headers:
> >          accept, authorization
> >       5.
> >          Access-Control-Request-Method:
> >          POST
> >       6.
> >          Cache-Control:
> >          no-cache
> >       7.
> >          Connection:
> >          keep-alive
> >       8.
> >          Host:
> >          dev-internal-api.expdev.local
> >       9.
> >          Origin:
> >          http://localhost:8383
> >      10.
> >          Pragma:
> >          no-cache
> >      11.
> >          Referer:
> >          http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327
> >
> >
> >
> >
> > POST HEADER
> >
> >           1.
> >              Remote Address:
> >              172.26.209.66:443 <http://172.26.209.66:443>
> >           2.
> >              Request URL:
> >              https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
> >           3.
> >              Request Method:
> >              POST
> >           4.
> >              Status Code:
> >              403 Forbidden
> >       1. Response Headersview source
> >           1.
> >              Access-Control-Allow-Origin:
> >              http://localhost:8383
> >           2.
> >              Connection:
> >              keep-alive
> >           3.
> >              Content-Length:
> >              195
> >           4.
> >              Content-Type:
> >              application/json
> >           5.
> >              Date:
> >              Thu, 27 Aug 2015 18:44:39 GMT
> >           6.
> >              Server:
> >              WildFly/8
> >           7.
> >              X-Policy-Failure-Code:
> >              400
> >           8.
> >              X-Policy-Failure-Message:
> >              CORS: Invalid preflight request; must use OPTIONS verb.
> >           9.
> >              X-Policy-Failure-Type:
> >              Authorization
> >          10.
> >              X-Powered-By:
> >              Undertow/1
> >       2. Request Headersview source
> >           1.
> >              Accept:
> >              application/json, text/plain, */*
> >           2.
> >              Accept-Encoding:
> >              gzip, deflate
> >           3.
> >              Accept-Language:
> >              en-US,en;q=0.8,ar;q=0.6
> >           4.
> >              Authorization:
> >              Bearer
> >              eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ
> >           5.
> >              Cache-Control:
> >              no-cache
> >           6.
> >              Connection:
> >              keep-alive
> >           7.
> >              Content-Length:
> >              0
> >           8.
> >              Host:
> >              dev-internal-api.expdev.local
> >           9.
> >              Origin:
> >              http://localhost:8383
> >          10.
> >              Pragma:
> >              no-cache
> >          11.
> >
> > 12.
> >
> >
> >
> >
> > _______________________________________________
> > Apiman-user mailing list
> > Apiman-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/apiman-user
> >
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>



More information about the Apiman-user mailing list