Re: [Apiman-user] CORS issue

Something wrong with io.apiman.gateway.engine.beans.util.CaseInsensitiveStringMultiMap. The response headers start off with: [Server=Jetty(9.2.19.v20160908), null, null, Date=Tue, 26 Sep 2017 16:08:00 GMT, null, Content-Type=text/html; charset=ISO-8859-1, null, null, null, X-RateMonitor-Limit=1000, null, WWW-Authenticate=Bearer realm="mytest", error="invalid_token", error_description="Token is not active", X-RateMonitor-Remaining=998, null, null, null, X-RateMonitor-Reset=3119, null, null, null, null, null, null, null, null, null, null, null, null, null, null, Cache-Control=must-revalidate,no-cache,no-store] and after the CORS headers are merged, it's: {Access-Control-Allow-Credentials => [true, Bearer realm="mytest", error="invalid_token", error_description="Token is not active"], Access-Control-Allow-Origin => [http://blah.com, Jetty(9.2.19.v20160908)], Cache-Control => [must-revalidate,no-cache,no-store], Content-Type => [text/html; charset=ISO-8859-1], Date => [Tue, 26 Sep 2017 16:08:00 GMT], Server => [Jetty(9.2.19.v20160908)], WWW-Authenticate => [Bearer realm="mytest", error="invalid_token", error_description="Token is not active"], X-RateMonitor-Limit => [1000], X-RateMonitor-Remaining => [998], X-RateMonitor-Reset => [3119]} The "Server" value and the Access-Control-Allow-Origin are somehow merged. On Tue, Sep 26, 2017 at 11:56 AM Scott Elliott <scottpelliott(a)gmail.com&gt; wrote: