<div dir="ltr">Just to be clear - if X-API-Key is added as an allowed CORS header in the CORS plugin configuration, does that solve the issue?<div><br></div><div>-Eric</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 2, 2017 at 1:17 PM, Celso Agra <span dir="ltr"><<a href="mailto:celso.agra@gmail.com" target="_blank">celso.agra@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">So, there is no prob to pass as query param!<br><br>Thanks Marc<div><br></div><div><div style="font-size:12.8px">Best Regards,</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Celso Agra</div></div></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">2017-10-02 13:49 GMT-03:00 Marc Savy <span dir="ltr"><<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Celso,<div><br></div><div>The query string is encrypted with SSL/TLS.</div><div><br></div><div>Regards,</div><div>Marc </div></div><div class="m_1082622909409402432HOEnZb"><div class="m_1082622909409402432h5"><div class="gmail_extra"><br><div class="gmail_quote">On 2 October 2017 at 17:40, Celso Agra <span dir="ltr"><<a href="mailto:celso.agra@gmail.com" target="_blank">celso.agra@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Yeah! It is! My concern is because I'm passing the apiKey as a query param.<div><br></div><div>I don't know if requests works like this in ssl requests, but I believe that query params can be viewed if you have a sniffer, unlike header params.<br><br>So, I'm probably have to allow X-API-Key header in Apiman requests. Would be possible to add this feature in a plugin or maybe in the Apiman? I'll take a look in some classes to know how to do that.<br><br>I'd like to know if it is a feature that will contribute with the project.<div><br></div><div>Thanks for your answer Marc.</div><div><br></div><div>Best Regards,</div><div><br></div><div>Celso Agra</div><div><br></div></div></div><div class="gmail_extra"><div><div class="m_1082622909409402432m_2173570125702136584h5"><br><div class="gmail_quote">2017-10-02 9:18 GMT-03:00 Marc Savy <span dir="ltr"><<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">If I understand your questions correctly: by default CORS does not allow any custom headers to be sent in the request. This means that Apiman does not receive the X-API-Key header and necessarily can't figure out how to route the request. The same CORS restriction does not exist with query parameters so if you provide it with the query param you'll be okay. <div><br></div><div>Perhaps a (partial) solution to some of these kinds of CORS issues is for Apiman to always indicate that the X-API-Key header is allowed.</div><div><br></div><div>Regards,</div><div>Marc</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_1082622909409402432m_2173570125702136584m_-532345597475559209h5">On 27 September 2017 at 05:35, Celso Agra <span dir="ltr"><<a href="mailto:celso.agra@gmail.com" target="_blank">celso.agra@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_1082622909409402432m_2173570125702136584m_-532345597475559209h5"><div dir="ltr"><div>Hi all,</div><div><br></div><div>I got some errors with CORS plugin when I try to use my API with a contract.</div><div><br></div><div>So, I consume my API passing info through header, such as: Authorization, Content-Type, and X-API-Key.</div><div>I'm talking about a javascript application. So, CORS is a problem for that language.</div><div><br></div><div>When I configure my contract to allow Cross-Origin, the error still there, but if I put my X-API-Key, as a query parameter, the CORS works fine.</div><div>Does anyone could help me to understand that?</div><div><br></div><div>I'm concerned to pass my contract as a query parameter. It should be on Header of my Http Request.</div><div>Please, help me to understand if it is a behaviour of the application and how can I solve this without use query param.</div><div><br></div><div>Best Regards,</div><span class="m_1082622909409402432m_2173570125702136584m_-532345597475559209m_-5569204897354326028HOEnZb"><font color="#888888"><div><br></div>-- <br><div class="m_1082622909409402432m_2173570125702136584m_-532345597475559209m_-5569204897354326028m_3152831030889501606gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><span style="font-family:"Times New Roman";font-size:16px">---<br><b>Celso Agra</b></span></div></div></div></div></div>
</font></span></div>
<br></div></div>______________________________<wbr>_________________<br>
Apiman-user mailing list<br>
<a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/apiman-user</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br><br clear="all"><div><br></div></div></div><span class="m_1082622909409402432m_2173570125702136584HOEnZb"><font color="#888888">-- <br><div class="m_1082622909409402432m_2173570125702136584m_-532345597475559209gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><span style="font-family:'Times New Roman';font-size:16px">---<br><b>Celso Agra</b></span></div></div></div></div></div>
</font></span></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br><div class="m_1082622909409402432gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><span style="font-family:'Times New Roman';font-size:16px">---<br><b>Celso Agra</b></span></div></div></div></div></div>
</font></span></div>
<br>______________________________<wbr>_________________<br>
Apiman-user mailing list<br>
<a href="mailto:Apiman-user@lists.jboss.org">Apiman-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/apiman-user</a><br>
<br></blockquote></div><br></div>