<div dir="ltr">No problem, glad we cleared it up!</div><br><div class="gmail_quote"><div dir="ltr">On Tue, 18 Dec 2018 at 17:55, Renato Barros <<a href="mailto:renalexster@gmail.com">renalexster@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Sorry Marc,<br><br>I misunderstood the concept of CORS and the plugin. My APIs are already prepared to use CORS requests. So that, I even don't need to create a CORS Policy in the APIMan.</div><br><div class="gmail_quote"><div dir="ltr">On Tue, 18 Dec 2018 at 14:29, Renato Barros <<a href="mailto:renalexster@gmail.com" target="_blank">renalexster@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Thanks for your reply Marc,<br><br>About the OPTIONS request: It results from the preflight request, so it's not the real request. My frontend is attempting to do a POST request. However, before this, a preflight is sent to the server automatically. The matter is <u>The Preflight Request Fails</u><div><br></div><div><div><img alt="image.png" width="562" height="236"><br></div></div><div><br></div><div>The POST request works.</div><div><br>My question is: Is there some problem with my CORS Policy? Should I disable (turn False) Terminate on Cors Error? Or It's the result of some CORS plugin problem?</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 18 Dec 2018 at 14:04, Marc Savy <<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Just to confirm: the purpose of the CORS plugin is to provide a CORS frontend to a service which does not currently have CORS. It is not to bypass CORS on a backend service that *already* has CORS. </div><div><br></div>I believe you may be misunderstanding how the CORS protocol works.<div><br></div><div>From my recollection, if you are doing a non-simple request (such as yours), then you must execute a preflight request first (which is a special type of OPTIONS request -- <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests</a>). </div><div><br></div><div>The browser first executes the preflight request, THEN it separately and subsequently executes the real request. So, if you were attempting to execute an OPTIONS request then you would execute 2 separate calls. This is done on your behalf transparently by the browser.</div><div><br></div><div>The 'real' call is approved by virtue of the preflight request, and does not require the CORS headers you're including (which make it look like a preflight request).</div><div><br></div><div>Please see: <a href="https://mdn.mozillademos.org/files/16401/preflight_.png" target="_blank">https://mdn.mozillademos.org/files/16401/preflight_.png</a></div><div><br></div><div>If you are doing a *simple* request, as per the CORS specification, then no preflight is required and you embed the headers in the 'real' request as your samples show.</div><div><br></div><div>Does this resolve your issue?</div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 18 Dec 2018 at 12:59, Renato Barros <<a href="mailto:renalexster@gmail.com" target="_blank">renalexster@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello Marc,<br><br>I don't think the problem is associated with <b>Access-Control-Allow-Origin</b>. Below there are two requests using Restlet Client, the first one works without the <b>Header Access-Controle-Request-Method</b>, the second only adding this Header gets fail.<div><br><div><br></div><div><div><img alt="image.png" width="562" height="468"><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 18 Dec 2018 at 09:40, Marc Savy <<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">I think your issue might be the way that you're formulating your request.<div><br></div><div>In order to issue a valid CORS request, you must set your origin header. You should probably try that first.</div><div><br></div><div><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin</a><br></div><div><br></div><div>e.g. curl ... -H "Origin: mymachine.local" </div><div><br></div><div>When using a browser, this is usually issued on your behalf. But, if you're using curl, it won't be.</div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 18 Dec 2018 at 12:35, Renato Barros <<a href="mailto:renalexster@gmail.com" target="_blank">renalexster@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">Hi Marc,<div><br></div><div>I've just updated the image with details. The Access-Control-Allow-Origin already had "*" as value.<br><br><div><img alt="image.png" width="223" height="562"><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 18 Dec 2018 at 05:50, Marc Savy <<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I'm not sure why your browser isn't rendering it, but there should be a list in the Access-Control-Allow-Origin section that would allow you to add an entry such as "*" or "<a href="http://foo.com" target="_blank">foo.com</a>".<div><br></div><div>What is your setup? </div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, 17 Dec 2018 at 19:10, Renato Barros <<a href="mailto:renalexster@gmail.com" target="_blank">renalexster@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hello all,<br><br>I'm getting an error with <b>Access-Control-Request-Method</b> Header in my APIs.<br><br>I posted details in <a href="https://stackoverflow.com/questions/53821510/apiman-return-error-400-for-header-access-control-request-method" target="_blank">StackOverflow</a>. </div><div dir="ltr"><br></div><div dir="ltr">Please, someone could help me?</div></div></div>
_______________________________________________<br>
Apiman-user mailing list<br>
<a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/apiman-user</a><br>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>