<div dir="ltr">Thank you Marc, <div>Is there a work around that you can think of ? <div>I'm doing it with angularjs , very simple </div></div><div><br></div><div>$http({method: 'GET', url: '<a href="http://server/apiman-gateway/service" target="_blank">http://server/apiman-gateway/service</a>', headers: {<div> 'Authorization': 'Bearer XXXXXXXXXXXXX'}</div><div>});</div></div><div><br></div><div>I assume you will fix it in the new version , right?</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 17, 2015 at 10:52 AM, Marc Savy <span dir="ltr"><<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
This is related to the JIRA I linked you to (<a href="https://issues.jboss.org/browse/APIMAN-516" rel="noreferrer" target="_blank">https://issues.jboss.org/browse/APIMAN-516</a>). Because of the way the policy chain currently works the behaviour of CORS is invalid in a few very specific cases (e.g. when you stack it with an auth policy). I'll let you know when it's fixed.<br>
<br>
Regards,<br>
Marc<span class=""><br>
<br>
On 17/08/2015 15:44, Fadi Abdin wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
I have a problem in calling a service in apiman-gateway with the<br>
Authorization: Bearer <token> in the header.<br>
<br>
It seems to preflight OPTIONS and return<br>
<br></span>
1.<span class=""><br>
X-Policy-Failure-Message:<br>
OAuth2 'Authorization' header or 'access_token' query parameter must<br>
be provided.<br>
<br>
I am sending the bearer token with the request and i make sure in the<br>
preflight its sent in the request.<br>
<br></span>
1.<span class=""><br>
Access-Control-Request-Headers:<br>
accept, authorization<br>
<br>
Does anyone know if there Is something i'm missing ? do i need to get<br>
authorization enabled or added anywhere ? as a side note i have below in<br>
my api as well:<br>
<br>
response.setHeader("Access-Control-Allow-Headers", "Authorization");<br>
<br>
<br></span>
_______________________________________________<br>
Apiman-user mailing list<br>
<a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/apiman-user</a><br>
<br>
</blockquote>
<br>
</blockquote></div><br></div>