[Apiman-user] HTTP Methods

Fri Aug 28 08:40:57 EDT 2015

latest of cors-policy-plugin?

On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy <marc.savy at redhat.com> wrote:

> I think there may have been some overzealous error detection going on.
> Please try out the latest master/1.1.x.
>
>
> On 27/08/2015 20:02, Eric Wittmann wrote:
>
>> Hi Fadi.
>>
>> It's possible this is a bug in the CORS policy or a mis-configuration.
>> Hopefully Marc can respond shortly.
>>
>> One thing I'll say is that you *probably* don't need to include
>> "OPTIONS" as one of the allowed CORS methods.
>>
>> -Eric
>>
>> On 8/27/2015 2:48 PM, Fadi Abdin wrote:
>> > Hey Eric / Marc,
>> >
>> > Everything going good so far with the CORS fix but guessing there is
>> > something still, or maybe i'm doing something wrong ( it always happened
>> > to me ).
>> >
>> > I have setup my CORS Policy in API Man and included
>> > "Access-Control-Allow-Methods" : "OPTIONS","GET","POST","DELETE",'PUT".
>> >
>> > But i get a 403 and "CORS: Invalid preflight request; must use OPTIONS
>> > verb." on ANY service that is not GET.
>> >
>> > OPTIONS Header :
>> >
>> >       1.
>> >          Remote Address:
>> >          172.26.209.66:443 <http://172.26.209.66:443>
>> >       2.
>> >          Request URL:
>> >
>> https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
>> >       3.
>> >          Request Method:
>> >          OPTIONS
>> >       4.
>> >          Status Code:
>> >          200 OK
>> >   1. Response Headersview source
>> >       1.
>> >          Access-Control-Allow-Headers:
>> >          Accept, Authorization, Head
>> >       2.
>> >          Access-Control-Allow-Methods:
>> >          OPTIONS, GET, POST, DELETE, PUT
>> >       3.
>> >          Access-Control-Allow-Origin:
>> >          http://localhost:8383
>> >       4.
>> >          Access-Control-Max-Age:
>> >          0
>> >       5.
>> >          Connection:
>> >          keep-alive
>> >       6.
>> >          Date:
>> >          Thu, 27 Aug 2015 18:44:39 GMT
>> >       7.
>> >          Server:
>> >          WildFly/8
>> >       8.
>> >          Transfer-Encoding:
>> >          chunked
>> >       9.
>> >          X-Powered-By:
>> >          Undertow/1
>> >   2. Request Headersview source
>> >       1.
>> >          Accept:
>> >          */*
>> >       2.
>> >          Accept-Encoding:
>> >          gzip, deflate, sdch
>> >       3.
>> >          Accept-Language:
>> >          en-US,en;q=0.8,ar;q=0.6
>> >       4.
>> >          Access-Control-Request-Headers:
>> >          accept, authorization
>> >       5.
>> >          Access-Control-Request-Method:
>> >          POST
>> >       6.
>> >          Cache-Control:
>> >          no-cache
>> >       7.
>> >          Connection:
>> >          keep-alive
>> >       8.
>> >          Host:
>> >          dev-internal-api.expdev.local
>> >       9.
>> >          Origin:
>> >          http://localhost:8383
>> >      10.
>> >          Pragma:
>> >          no-cache
>> >      11.
>> >          Referer:
>> >
>> http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327
>> >
>> >
>> >
>> >
>> > POST HEADER
>> >
>> >           1.
>> >              Remote Address:
>> >              172.26.209.66:443 <http://172.26.209.66:443>
>> >           2.
>> >              Request URL:
>> >
>> https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
>> >           3.
>> >              Request Method:
>> >              POST
>> >           4.
>> >              Status Code:
>> >              403 Forbidden
>> >       1. Response Headersview source
>> >           1.
>> >              Access-Control-Allow-Origin:
>> >              http://localhost:8383
>> >           2.
>> >              Connection:
>> >              keep-alive
>> >           3.
>> >              Content-Length:
>> >              195
>> >           4.
>> >              Content-Type:
>> >              application/json
>> >           5.
>> >              Date:
>> >              Thu, 27 Aug 2015 18:44:39 GMT
>> >           6.
>> >              Server:
>> >              WildFly/8
>> >           7.
>> >              X-Policy-Failure-Code:
>> >              400
>> >           8.
>> >              X-Policy-Failure-Message:
>> >              CORS: Invalid preflight request; must use OPTIONS verb.
>> >           9.
>> >              X-Policy-Failure-Type:
>> >              Authorization
>> >          10.
>> >              X-Powered-By:
>> >              Undertow/1
>> >       2. Request Headersview source
>> >           1.
>> >              Accept:
>> >              application/json, text/plain, */*
>> >           2.
>> >              Accept-Encoding:
>> >              gzip, deflate
>> >           3.
>> >              Accept-Language:
>> >              en-US,en;q=0.8,ar;q=0.6
>> >           4.
>> >              Authorization:
>> >              Bearer
>> >
>> eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ
>> >           5.
>> >              Cache-Control:
>> >              no-cache
>> >           6.
>> >              Connection:
>> >              keep-alive
>> >           7.
>> >              Content-Length:
>> >              0
>> >           8.
>> >              Host:
>> >              dev-internal-api.expdev.local
>> >           9.
>> >              Origin:
>> >              http://localhost:8383
>> >          10.
>> >              Pragma:
>> >              no-cache
>> >          11.
>> >
>> > 12.
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > Apiman-user mailing list
>> > Apiman-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/apiman-user
>> >
>> _______________________________________________
>> Apiman-user mailing list
>> Apiman-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150828/478927dd/attachment-0001.html 