I addressed this for Celso over JIRA.

Summary:

- In general, if you're using CORS you should probably use the query parameter to transmit your access token (if you have one). This is because of a limitation to CORS preflight request phase which never transmits custom headers.

- A separate issue was a bug (now fixed on master) where a data structure would cause certain header-value fields to be mixed up in specific circumstances.

On 28 December 2016 at 14:10, Celso Agra <celso.agra@gmail.com> wrote:
Hi all,

It's me again!
So, I was looking for some solutions about my issue, and I found this: https://issues.jboss.org/browse/APIMAN-516

It seems this issue still occurs with me. I tries to send some headers via ajax, and get this response:
XMLHttpRequest cannot load https://apiman.url. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.56.22:8080' is therefore not allowed access. The response had HTTP status code 500.

Here is the Response Headers:
Connection:close
Content-Type:application/json
Date:Wed, 28 Dec 2016 13:54:08 GMT
Server:Apache/2.4.18 (Ubuntu)
Transfer-Encoding:chunked
X-Gateway-Error:API not public.
X-Powered-By:Undertow/1

and

Here is the Request Headers:
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:authorization, x-api-key
Access-Control-Request-Method:GET
Connection:keep-alive
Host: apiman.url
Origin:http://192.168.56.22:8080
Referer:http://192.168.56.22:8080/app
User-Agent:Mozilla/5.0 ...
Query String Parameters
view source
view URL encoded

Does anyone has the same problem?

Best regards,

--
---
Celso Agra

_______________________________________________
Apiman-user mailing list
Apiman-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user