[Apiman-user] HTTP Methods
Fadi Abdin
fadiabdeen at gmail.com
Fri Aug 28 08:40:57 EDT 2015
latest of cors-policy-plugin?
On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy <marc.savy at redhat.com> wrote:
> I think there may have been some overzealous error detection going on.
> Please try out the latest master/1.1.x.
>
>
> On 27/08/2015 20:02, Eric Wittmann wrote:
>
>> Hi Fadi.
>>
>> It's possible this is a bug in the CORS policy or a mis-configuration.
>> Hopefully Marc can respond shortly.
>>
>> One thing I'll say is that you *probably* don't need to include
>> "OPTIONS" as one of the allowed CORS methods.
>>
>> -Eric
>>
>> On 8/27/2015 2:48 PM, Fadi Abdin wrote:
>> > Hey Eric / Marc,
>> >
>> > Everything going good so far with the CORS fix but guessing there is
>> > something still, or maybe i'm doing something wrong ( it always happened
>> > to me ).
>> >
>> > I have setup my CORS Policy in API Man and included
>> > "Access-Control-Allow-Methods" : "OPTIONS","GET","POST","DELETE",'PUT".
>> >
>> > But i get a 403 and "CORS: Invalid preflight request; must use OPTIONS
>> > verb." on ANY service that is not GET.
>> >
>> > OPTIONS Header :
>> >
>> > 1.
>> > Remote Address:
>> > 172.26.209.66:443 <http://172.26.209.66:443>
>> > 2.
>> > Request URL:
>> >
>> https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
>> > 3.
>> > Request Method:
>> > OPTIONS
>> > 4.
>> > Status Code:
>> > 200 OK
>> > 1. Response Headersview source
>> > 1.
>> > Access-Control-Allow-Headers:
>> > Accept, Authorization, Head
>> > 2.
>> > Access-Control-Allow-Methods:
>> > OPTIONS, GET, POST, DELETE, PUT
>> > 3.
>> > Access-Control-Allow-Origin:
>> > http://localhost:8383
>> > 4.
>> > Access-Control-Max-Age:
>> > 0
>> > 5.
>> > Connection:
>> > keep-alive
>> > 6.
>> > Date:
>> > Thu, 27 Aug 2015 18:44:39 GMT
>> > 7.
>> > Server:
>> > WildFly/8
>> > 8.
>> > Transfer-Encoding:
>> > chunked
>> > 9.
>> > X-Powered-By:
>> > Undertow/1
>> > 2. Request Headersview source
>> > 1.
>> > Accept:
>> > */*
>> > 2.
>> > Accept-Encoding:
>> > gzip, deflate, sdch
>> > 3.
>> > Accept-Language:
>> > en-US,en;q=0.8,ar;q=0.6
>> > 4.
>> > Access-Control-Request-Headers:
>> > accept, authorization
>> > 5.
>> > Access-Control-Request-Method:
>> > POST
>> > 6.
>> > Cache-Control:
>> > no-cache
>> > 7.
>> > Connection:
>> > keep-alive
>> > 8.
>> > Host:
>> > dev-internal-api.expdev.local
>> > 9.
>> > Origin:
>> > http://localhost:8383
>> > 10.
>> > Pragma:
>> > no-cache
>> > 11.
>> > Referer:
>> >
>> http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327
>> >
>> >
>> >
>> >
>> > POST HEADER
>> >
>> > 1.
>> > Remote Address:
>> > 172.26.209.66:443 <http://172.26.209.66:443>
>> > 2.
>> > Request URL:
>> >
>> https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
>> > 3.
>> > Request Method:
>> > POST
>> > 4.
>> > Status Code:
>> > 403 Forbidden
>> > 1. Response Headersview source
>> > 1.
>> > Access-Control-Allow-Origin:
>> > http://localhost:8383
>> > 2.
>> > Connection:
>> > keep-alive
>> > 3.
>> > Content-Length:
>> > 195
>> > 4.
>> > Content-Type:
>> > application/json
>> > 5.
>> > Date:
>> > Thu, 27 Aug 2015 18:44:39 GMT
>> > 6.
>> > Server:
>> > WildFly/8
>> > 7.
>> > X-Policy-Failure-Code:
>> > 400
>> > 8.
>> > X-Policy-Failure-Message:
>> > CORS: Invalid preflight request; must use OPTIONS verb.
>> > 9.
>> > X-Policy-Failure-Type:
>> > Authorization
>> > 10.
>> > X-Powered-By:
>> > Undertow/1
>> > 2. Request Headersview source
>> > 1.
>> > Accept:
>> > application/json, text/plain, */*
>> > 2.
>> > Accept-Encoding:
>> > gzip, deflate
>> > 3.
>> > Accept-Language:
>> > en-US,en;q=0.8,ar;q=0.6
>> > 4.
>> > Authorization:
>> > Bearer
>> >
>> eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ
>> > 5.
>> > Cache-Control:
>> > no-cache
>> > 6.
>> > Connection:
>> > keep-alive
>> > 7.
>> > Content-Length:
>> > 0
>> > 8.
>> > Host:
>> > dev-internal-api.expdev.local
>> > 9.
>> > Origin:
>> > http://localhost:8383
>> > 10.
>> > Pragma:
>> > no-cache
>> > 11.
>> >
>> > 12.
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > Apiman-user mailing list
>> > Apiman-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/apiman-user
>> >
>> _______________________________________________
>> Apiman-user mailing list
>> Apiman-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150828/478927dd/attachment-0001.html
More information about the Apiman-user
mailing list