[Apiman-user] Content-type header included in gateway DELETE requests to endpoint

Eric Wittmann eric.wittmann at redhat.com
Tue Jul 26 08:53:34 EDT 2016 

Question:  what is the consequence of this problem?

It turns out that fixing this issue may require fairly extensive changes 
to how apiman proxies the request to the back end API.  The
http client[1] we are using for this is adding the content length and 
content type automatically for DELETE (as well as PUT and POST) if they 
are missing.  It's doing this because it claims the HTTP spec is 
ambiguous on whether DELETE can have a body.

So how high a priority is this?  Is it causing a specific problem for 
you, or is it simply something you noticed?

-Eric

[1] http://square.github.io/okhttp/


On 7/25/2016 10:06 AM, Jairo Junior wrote:
> Thanks again.
>
> On Mon, Jul 25, 2016 at 10:49 AM Eric Wittmann <eric.wittmann at redhat.com
> <mailto:eric.wittmann at redhat.com>> wrote:
>
>     JIRA issue created.  In case you want to track it:
>
>        https://issues.jboss.org/browse/APIMAN-1210
>
>     -Eric
>
>     On 7/25/2016 9:14 AM, Jairo Junior wrote:
>     > A client-side javascript app is performing the following request:
>     >
>     > /DELETE /apiman-gateway/org/service/1.1/resource/7 HTTP/1.1
>     > Host: 172.17.0.1:8080 <http://172.17.0.1:8080>
>     <http://172.17.0.1:8080>
>     > User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0)
>     > Gecko/20100101 Firefox/47.0
>     > Accept: application/json, text/plain, */*
>     > Accept-Language: en-US,en;q=0.5
>     > Accept-Encoding: gzip, deflate
>     > Authorization: Bearer $ACCESS_TOKEN
>     > Referer: http://172.17.0.1:3000/
>     > Origin: http://172.17.0.1:3000
>     > Connection: keep-alive
>     >
>     > /
>     > But the gateway is performing the following request to the endpoint:
>     >
>     > /DELETE /service/rest/resource/7 HTTP/1.1
>     > User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
>     > Origin: http://172.17.0.1:3000
>     > Accept-Language: en-US,en;q=0.5
>     > Accept-Encoding: gzip, deflate
>     > Connection: keep-alive
>     > Authorization: Bearer $ACCESS_TOKEN
>     > Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
>     > application/vnd.ms-excel, application/msword,
>     > application/vnd.ms-powerpoint, */*
>     > Referer: http://172.17.0.1:3000/
>     > Host: 172.17.0.1:8280 <http://172.17.0.1:8280>
>     <http://172.17.0.1:8280>
>     > Content-Type: application/x-www-form-//urlencoded
>     > Content-Length: 0
>     >
>     > /
>     > Resulting in a 415 Unsupported Media Type at the endpoint.
>     >
>     > GET, POST and PUT requests are OK.
>     >
>     > Only using CORS Policy for this endpoint:
>     >
>     > /Access-Control-Allow-Origin: *
>     > Access-Control-Allow-Credentials: true
>     > Access-Control-Allow-Headers: accept, authrotization, content-type
>     > Access-Control-Allow-Methods: GET, POST, PUT, DELETE
>     > Access-Control-Max-Age: 3600/
>     >
>     >
>     > _______________________________________________
>     > Apiman-user mailing list
>     > Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
>     > https://lists.jboss.org/mailman/listinfo/apiman-user
>     >
>

More information about the Apiman-user mailing list