[Apiman-user] CORS issue
Scott Elliott
scottpelliott at gmail.com
Tue Sep 26 12:15:58 EDT 2017
Something wrong
with io.apiman.gateway.engine.beans.util.CaseInsensitiveStringMultiMap.
The response headers start off with:
[Server=Jetty(9.2.19.v20160908), null, null, Date=Tue, 26 Sep 2017 16:08:00
GMT, null, Content-Type=text/html; charset=ISO-8859-1, null, null, null,
X-RateMonitor-Limit=1000, null, WWW-Authenticate=Bearer realm="mytest",
error="invalid_token", error_description="Token is not active",
X-RateMonitor-Remaining=998, null, null, null, X-RateMonitor-Reset=3119,
null, null, null, null, null, null, null, null, null, null, null, null,
null, null, Cache-Control=must-revalidate,no-cache,no-store]
and after the CORS headers are merged, it's:
{Access-Control-Allow-Credentials => [true, Bearer realm="mytest",
error="invalid_token", error_description="Token is not active"],
Access-Control-Allow-Origin => [http://blah.com, Jetty(9.2.19.v20160908)],
Cache-Control => [must-revalidate,no-cache,no-store], Content-Type =>
[text/html; charset=ISO-8859-1], Date => [Tue, 26 Sep 2017 16:08:00 GMT],
Server => [Jetty(9.2.19.v20160908)], WWW-Authenticate => [Bearer
realm="mytest", error="invalid_token", error_description="Token is not
active"], X-RateMonitor-Limit => [1000], X-RateMonitor-Remaining => [998],
X-RateMonitor-Reset => [3119]}
The "Server" value and the Access-Control-Allow-Origin are somehow merged.
On Tue, Sep 26, 2017 at 11:56 AM Scott Elliott <scottpelliott at gmail.com>
wrote:
> 1.2.8.Final
>
> On Tue, Sep 26, 2017 at 8:04 AM Marc Savy <marc.savy at redhat.com> wrote:
>
>> Hi Scott,
>>
>> Which version of Apiman are you using?
>>
>> Regards,
>> Marc
>>
>> On 26 September 2017 at 00:10, Scott Elliott <scottpelliott at gmail.com>
>> wrote:
>>
>>> Why, when the CORS policy plugin is used, do I get multiple
>>> Access-Control-Allow-Origin headers in the response. From curl:
>>>
>>> Origin: http://blah.com
>>>
>>> Access-Control-Allow-Origin: http://blah.com
>>> Access-Control-Allow-Origin: Jetty(9.2.19.v20160908)
>>>
>>> Chrome does not like the multiple headers, so the API request fails.
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Apiman-user mailing list
>>> Apiman-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20170926/ad7c06aa/attachment.html
More information about the Apiman-user
mailing list