Thank you Marc, 
Is there a work around that you can think of ? 
I'm doing it with angularjs  , very simple 

$http({method: 'GET', url: 'http://server/apiman-gateway/service', headers: {
    'Authorization': 'Bearer XXXXXXXXXXXXX'}
});

I assume you will fix it in the new version , right?



On Mon, Aug 17, 2015 at 10:52 AM, Marc Savy <marc.savy@redhat.com> wrote:
Hi,

This is related to the JIRA I linked you to (https://issues.jboss.org/browse/APIMAN-516). Because of the way the policy chain currently works the behaviour of CORS is invalid in a few very specific cases (e.g. when you stack it with an auth policy). I'll let you know when it's fixed.

Regards,
Marc

On 17/08/2015 15:44, Fadi Abdin wrote:
I have a problem in calling a service in apiman-gateway with the
Authorization: Bearer <token> in the header.

It seems to preflight OPTIONS and return

  1.
    X-Policy-Failure-Message:
    OAuth2 'Authorization' header or 'access_token' query parameter must
    be provided.

I am sending the bearer token with the request and i make sure in the
preflight its sent in the request.

  1.
    Access-Control-Request-Headers:
    accept, authorization

Does anyone know if there Is something i'm missing ?  do i need to get
authorization enabled or added anywhere ? as a side note i have below in
my api as well:

response.setHeader("Access-Control-Allow-Headers", "Authorization");


 _______________________________________________
Apiman-user mailing list
Apiman-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user