<div dir="ltr"><div>EAP 7.0 + apiman 1.2.7 overlay, but I've also tried with docker image apiman/on-wildfly10:1.2.7.Final<br><br></div>/apiman-gateway/org/service/1.0 with Keycloak OAuth Policy<br></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Jul 22, 2016 at 8:29 AM Eric Wittmann <<a href="mailto:eric.wittmann@redhat.com">eric.wittmann@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Apiman should allow OPTIONS requests without requiring authorization.<br>
What is your setup/configuration (which app server, etc)? Also what<br>
apiman REST endpoints are you trying to access?<br>
<br>
-Eric<br>
<br>
On 7/22/2016 7:22 AM, Jairo Junior wrote:<br>
> I've been trying to setup apiman + keycloak-oauth-plugin + keycloak +<br>
> keycloak.js with a client-side angularjs app and a REST API. It's a<br>
> scenario very similar to<br>
> <a href="https://github.com/keycloak/keycloak/tree/master/examples/demo-template/angular-product-app" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/tree/master/examples/demo-template/angular-product-app</a>,<br>
> but with apiman and CORS.<br>
><br>
> My test are going well with curl, but using my javascript app the<br>
> browser it is performing a CORS preflight OPTIONS request without<br>
> authorization header.<br>
><br>
> OPTIONS request works well with authorization header using curl,<br>
> therefore, I'm not sure whether the browser should include authorization<br>
> header or apiman should allows CORS preflight requests (OPTIONS) without<br>
> authorization header.<br>
><br>
><br>
> _______________________________________________<br>
> Apiman-user mailing list<br>
> <a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/apiman-user</a><br>
><br>
</blockquote></div>