I think there may have been some overzealous error detection going on. Please try out the latest master/1.1.x.
On 27/08/2015 20:02, Eric Wittmann wrote:
Hi Fadi.
It's possible this is a bug in the CORS policy or a mis-configuration.
Hopefully Marc can respond shortly.
One thing I'll say is that you *probably* don't need to include
"OPTIONS" as one of the allowed CORS methods.
-Eric
On 8/27/2015 2:48 PM, Fadi Abdin wrote:
> Hey Eric / Marc,
>
> Everything going good so far with the CORS fix but guessing there is
> something still, or maybe i'm doing something wrong ( it always happened
> to me ).
>
> I have setup my CORS Policy in API Man and included
> "Access-Control-Allow-Methods" : "OPTIONS","GET","POST","DELETE",'PUT".
>
> But i get a 403 and "CORS: Invalid preflight request; must use OPTIONS
> verb." on ANY service that is not GET.
>
> OPTIONS Header :
>
> 1.
> Remote Address:
> 172.26.209.66:443 <http://172.26.209.66:443>
> 2.
> Request URL:
> https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
> 3.
> Request Method:
> OPTIONS
> 4.
> Status Code:
> 200 OK
> 1. Response Headersview source
> 1.
> Access-Control-Allow-Headers:
> Accept, Authorization, Head
> 2.
> Access-Control-Allow-Methods:
> OPTIONS, GET, POST, DELETE, PUT
> 3.
> Access-Control-Allow-Origin:
> http://localhost:8383
> 4.
> Access-Control-Max-Age:
> 0
> 5.
> Connection:
> keep-alive
> 6.
> Date:
> Thu, 27 Aug 2015 18:44:39 GMT
> 7.
> Server:
> WildFly/8
> 8.
> Transfer-Encoding:
> chunked
> 9.
> X-Powered-By:
> Undertow/1
> 2. Request Headersview source
> 1.
> Accept:
> */*
> 2.
> Accept-Encoding:
> gzip, deflate, sdch
> 3.
> Accept-Language:
> en-US,en;q=0.8,ar;q=0.6
> 4.
> Access-Control-Request-Headers:
> accept, authorization
> 5.
> Access-Control-Request-Method:
> POST
> 6.
> Cache-Control:
> no-cache
> 7.
> Connection:
> keep-alive
> 8.
> Host:
> dev-internal-api.expdev.local
> 9.
> Origin:
> http://localhost:8383
> 10.
> Pragma:
> no-cache
> 11.
> Referer:
> http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327
>
>
>
>
> POST HEADER
>
> 1.
> Remote Address:
> 172.26.209.66:443 <http://172.26.209.66:443>
> 2.
> Request URL:
> https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
> 3.
> Request Method:
> POST
> 4.
> Status Code:
> 403 Forbidden
> 1. Response Headersview source
> 1.
> Access-Control-Allow-Origin:
> http://localhost:8383
> 2.
> Connection:
> keep-alive
> 3.
> Content-Length:
> 195
> 4.
> Content-Type:
> application/json
> 5.
> Date:
> Thu, 27 Aug 2015 18:44:39 GMT
> 6.
> Server:
> WildFly/8
> 7.
> X-Policy-Failure-Code:
> 400
> 8.
> X-Policy-Failure-Message:
> CORS: Invalid preflight request; must use OPTIONS verb.
> 9.
> X-Policy-Failure-Type:
> Authorization
> 10.
> X-Powered-By:
> Undertow/1
> 2. Request Headersview source
> 1.
> Accept:
> application/json, text/plain, */*
> 2.
> Accept-Encoding:
> gzip, deflate
> 3.
> Accept-Language:
> en-US,en;q=0.8,ar;q=0.6
> 4.
> Authorization:
> Bearer
> eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ
> 5.
> Cache-Control:
> no-cache
> 6.
> Connection:
> keep-alive
> 7.
> Content-Length:
> 0
> 8.
> Host:
> dev-internal-api.expdev.local
> 9.
> Origin:
> http://localhost:8383
> 10.
> Pragma:
> no-cache
> 11.
>
> 12.
>
>
>
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>
_______________________________________________
Apiman-user mailing list
Apiman-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user