It did not work . 

I setup everything they way you told me Marc and i'm testing it on my local. 
It seems its sending that preflight OPTIONS and coming back with 401 still 

On Tue, Aug 18, 2015 at 10:48 AM, Fadi Abdin <fadiabdeen@gmail.com> wrote:
I'm still working on it :( .. i had to give the network guys few ip addresses to whitelist so i can mvn install .. ... almost there. 

On Tue, Aug 18, 2015 at 9:46 AM, Marc Savy <marc.savy@redhat.com> wrote:
My pleasure! Did it work?

On 17/08/2015 16:38, Fadi Abdin wrote:
cool .. you're the man ;)


On Mon, Aug 17, 2015 at 11:37 AM, Marc Savy <marc.savy@redhat.com
 <mailto:marc.savy@redhat.com>> wrote:

    I'm actually testing the fix right now. It will land both on the 1.2.x
    branch and the 1.1.x branch shortly. You should be able to test it out
    in a short while: I'll send you an email when it's available.

    On 17/08/2015 16:23, Fadi Abdin wrote:

        Thank you Marc,
        Is there a work around that you can think of ?
        I'm doing it with angularjs  , very simple

        $http({method: 'GET', url: 'http://server/apiman-gateway/service',
        headers: {
              'Authorization': 'Bearer XXXXXXXXXXXXX'}
        });

        I assume you will fix it in the new version , right?



        On Mon, Aug 17, 2015 at 10:52 AM, Marc Savy
        <marc.savy@redhat.com <mailto:marc.savy@redhat.com>
        <mailto:marc.savy@redhat.com <mailto:marc.savy@redhat.com>>> wrote:

             Hi,

             This is related to the JIRA I linked you to
             (https://issues.jboss.org/browse/APIMAN-516). Because of
        the way the
             policy chain currently works the behaviour of CORS is
        invalid in a
             few very specific cases (e.g. when you stack it with an auth
             policy). I'll let you know when it's fixed.

             Regards,
             Marc

             On 17/08/2015 15:44, Fadi Abdin wrote:

                 I have a problem in calling a service in apiman-gateway
        with the
                 Authorization: Bearer <token> in the header.

                 It seems to preflight OPTIONS and return

                   1.
                      X-Policy-Failure-Message:
                      OAuth2 'Authorization' header or 'access_token' query
                 parameter must
                      be provided.

                 I am sending the bearer token with the request and i
        make sure
                 in the
                 preflight its sent in the request.

                   1.
                      Access-Control-Request-Headers:
                      accept, authorization

                 Does anyone know if there Is something i'm missing ?
        do i need
                 to get
                 authorization enabled or added anywhere ? as a side
        note i have
                 below in
                 my api as well:

                 response.setHeader("Access-Control-Allow-Headers",
        "Authorization");


                 _______________________________________________
                 Apiman-user mailing list
        Apiman-user@lists.jboss.org <mailto:Apiman-user@lists.jboss.org>
        <mailto:Apiman-user@lists.jboss.org
        <mailto:Apiman-user@lists.jboss.org>>
        https://lists.jboss.org/mailman/listinfo/apiman-user