Content-type header included in gateway DELETE requests to endpoint
by Jairo Junior
A client-side javascript app is performing the following request:
*DELETE /apiman-gateway/org/service/1.1/resource/7 HTTP/1.1Host:
172.17.0.1:8080 <http://172.17.0.1:8080>User-Agent: Mozilla/5.0 (X11;
Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0Accept:
application/json, text/plain, */*Accept-Language:
en-US,en;q=0.5Accept-Encoding: gzip, deflateAuthorization: Bearer
$ACCESS_TOKENReferer: http://172.17.0.1:3000/
<http://172.17.0.1:3000/>Origin: http://172.17.0.1:3000
<http://172.17.0.1:3000>Connection: keep-alive*
But the gateway is performing the following request to the endpoint:
*DELETE /service/rest/resource/7 HTTP/1.1User-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1)Origin: http://172.17.0.1:3000
<http://172.17.0.1:3000>Accept-Language: en-US,en;q=0.5Accept-Encoding:
gzip, deflateConnection: keep-aliveAuthorization: Bearer
$ACCESS_TOKENAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/msword,
application/vnd.ms-powerpoint, */*Referer: http://172.17.0.1:3000/
<http://172.17.0.1:3000/>Host: 172.17.0.1:8280
<http://172.17.0.1:8280>Content-Type: application/x-www-form-*
*urlencodedContent-Length: 0*
Resulting in a 415 Unsupported Media Type at the endpoint.
GET, POST and PUT requests are OK.
Only using CORS Policy for this endpoint:
*Access-Control-Allow-Origin: *Access-Control-Allow-Credentials:
trueAccess-Control-Allow-Headers: accept, authrotization,
content-typeAccess-Control-Allow-Methods: GET, POST, PUT,
DELETEAccess-Control-Max-Age: 3600*
8 years, 6 months
401 on a CORS preflight request
by Jairo Junior
I've been trying to setup apiman + keycloak-oauth-plugin + keycloak +
keycloak.js with a client-side angularjs app and a REST API. It's a
scenario very similar to
https://github.com/keycloak/keycloak/tree/master/examples/demo-template/a...,
but with apiman and CORS.
My test are going well with curl, but using my javascript app the browser
it is performing a CORS preflight OPTIONS request without authorization
header.
OPTIONS request works well with authorization header using curl, therefore,
I'm not sure whether the browser should include authorization header or
apiman should allows CORS preflight requests (OPTIONS) without
authorization header.
8 years, 7 months
Comercial support
by Tomas Žuklys
Hi,
As far as I know, Red Hat does not provide commercial support for APIMAN.
Is any kind of commercial support possible for current APIMAN?
24x7?
8x5?
Other?
Best regards,
Tomas Zuklys
8 years, 7 months
Regarding apiman deployment
by Bargaje, Rushikesh
Hi,
We are evaluating apiman tool.
We want to deploy this tool on pivotal cloud foundry (PCF).
We are not able to deploy the tool as it is on PCF
We tried to build the application but it is generating multiple war files.
Is there any way to deploy those war files directly on Tomcat instead of using wildfly Platform?
Thanks & Regards,
RUSHIKESH BARGAJE | NTT DATA Global Delivery Services Private Limited | M.+ 91 7767987295 | rushikesh.bargaje(a)nttdata.com<mailto:rushikesh.bargaje@nttdata.com> | Learn more at nttdata.com/americas
______________________________________________________________________
Disclaimer: This email and any attachments are sent in strictest confidence
for the sole use of the addressee and may contain legally privileged,
confidential, and proprietary data. If you are not the intended recipient,
please advise the sender by replying promptly to this email and then delete
and destroy this email and any attachments without any further use, copying
or forwarding.
8 years, 7 months
LIVE APIMAN deployments and Performance
by Tomas Žuklys
Hi APIMAN Gurus,
Disregarding recent Red Hat announcement on 3scale acquisition and knowing
that Red Hat will now be working on merging the 3scale and apiman
technologies, we are still thinking of APIMAN as the main candidate for API
management (Policy Enforcement) solution.
Do you know any LIVE deployments of APIMAN with scale larger than 200 TPS
per node?
Any idea how many APIMAN LIVE deployments are there?
Could you point me to some performance benchmarks of APIMAN, are there any?
Is APIMAN stable enough for going to PRODUCTION?
Thanks in advance!
Best regards,
Tomas Zuklys
8 years, 7 months
