What you're doing will always require a CORS preflight request (due to the non-simple
headers), and I'm not sure it makes sense for us as an API gateway to funnel through
CORS Preflight requests to the service by default. It complicates things when you start
thinking about metering, security, etc.
Eric, what do you think?
On 19/08/2015 14:02, Fadi Abdin wrote:
So what it seems like is that we have to use CORS Policy and add it before the Keycloak authentication policy in order for my preflight to pass .. that's the part I was missing completely. I'm not sure if it should be considered a bug or flexibility to do what we want .. But thanks for the explanation Marc.
Anyway .. I'm still having a problem with CORS Policy, probably I just don't have the latest code. I added some details to the JIRA ticket
On Wed, Aug 19, 2015 at 5:53 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
I replicated your set up as far as I could, and I couldn't replicate
your issue (perhaps your CORS setup is wrong?). Please see the JIRA
comments and screenshots -
https://issues.jboss.org/browse/APIMAN-516
Either way, I also fixed a bug unrelated to your problem, so please
re-build the plugins before trying again :-).
On 18/08/2015 19:25, Fadi Abdin wrote:
It did not work.
I set up everything the way you told me Marc and I'm testing it on my local.
It seems it's sending that preflight OPTIONS and coming back with 401 still
On Tue, Aug 18, 2015 at 10:48 AM, Fadi Abdin <fadiabdeen(a)gmail.com> wrote:
I'm still working on it :( .. I had to give the network guys few IP addresses to whitelist so I can mvn install .. ... almost there.
On Tue, Aug 18, 2015 at 9:46 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
My pleasure! Did it work?
On 17/08/2015 16:38, Fadi Abdin wrote:
cool .. you're the man ;)
On Mon, Aug 17, 2015 at 11:37 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
I'm actually testing the fix right now. It will land both on the 1.2.x branch and the 1.1.x branch shortly. You should be able to test it out in a short while: I'll send you an email when it's available.
On 17/08/2015 16:23, Fadi Abdin wrote:
Thank you Marc,
Is there a workaround that you can think of?
I'm doing it with AngularJS, very simple
    $http({method: 'GET', url: 'http://server/apiman-gateway/service',
           headers: {'Authorization': 'Bearer XXXXXXXXXXXXX'}
    });
I assume you will fix it in the new version, right?
On Mon, Aug 17, 2015 at 10:52 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
Hi,
This is related to the JIRA I linked you to (https://issues.jboss.org/browse/APIMAN-516). Because of the way the policy chain currently works the behaviour of CORS is invalid in a few very specific cases (e.g. when you stack it with an auth policy). I'll let you know when it's fixed.
Regards,
Marc
On 17/08/2015 15:44, Fadi Abdin wrote:
I have a problem in calling a service in apiman-gateway with the Authorization: Bearer <token> in the header.
It seems to preflight OPTIONS and return
    X-Policy-Failure-Message: OAuth2 'Authorization' header or 'access_token' query parameter must be provided.
I am sending the bearer token with the request and I make sure in the preflight it's sent in the request.
    Access-Control-Request-Headers: accept, authorization
Does anyone know if there is something I'm missing? Do I need to get authorization enabled or added anywhere?
As a side note I have below in my API as well:
    response.setHeader("Access-Control-Allow-Headers", "Authorization");
_______________________________________________
Apiman-user mailing list
Apiman-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user
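
The policy-ordering problem discussed in this thread, as an added example that is not part of the original messages and is not apiman code: a browser's preflight OPTIONS names the Authorization header in Access-Control-Request-Headers but carries no token, so a bearer-token policy that runs first answers 401, while a CORS policy that runs first answers the preflight at the gateway without reaching the backend. The policy functions, the chain runner and the origin http://app.example are hypothetical, and only the preflight path is modelled.

```javascript
// Added illustration, not apiman code; policy names and shapes are hypothetical.
const ALLOWED_ORIGINS = new Set(['http://app.example']);      // constructed value
const ALLOWED_HEADERS = new Set(['accept', 'authorization']);

// CORS policy: answers a preflight itself, passes every other request on.
function corsPolicy(req, next) {
  const h = req.headers;
  const isPreflight = req.method === 'OPTIONS' && h['origin'] &&
    h['access-control-request-method'];
  if (!isPreflight) return next(req);
  const asked = (h['access-control-request-headers'] || '')
    .split(',').map(s => s.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_ORIGINS.has(h['origin']) &&
    asked.every(name => ALLOWED_HEADERS.has(name));
  if (!ok) return { status: 403, headers: {} };
  return { status: 200, headers: {
    'access-control-allow-origin': h['origin'],
    'access-control-allow-methods': h['access-control-request-method'],
    'access-control-allow-headers': asked.join(', ') } };
}

// Bearer-token policy: rejects any request without an Authorization header.
function authPolicy(req, next) {
  const auth = req.headers['authorization'] || '';
  if (!auth.startsWith('Bearer ')) return { status: 401, headers: {} };
  return next(req);
}

// Runs policies in order; the backend is reached only if every policy passes.
function runChain(policies, req) {
  const step = i => r => (i < policies.length
    ? policies[i](r, step(i + 1))
    : { status: 200, headers: {}, backend: true });
  return step(0)(req);
}

// Constructed requests: the preflight names the header but has no token.
const preflight = { method: 'OPTIONS', headers: {
  'origin': 'http://app.example',
  'access-control-request-method': 'GET',
  'access-control-request-headers': 'accept, authorization' } };
const actual = { method: 'GET', headers: {
  'origin': 'http://app.example', 'authorization': 'Bearer XXXXXXXXXXXXX' } };

console.log('auth first, preflight:', runChain([authPolicy, corsPolicy], preflight).status);
console.log('CORS first, preflight:', runChain([corsPolicy, authPolicy], preflight).status);
console.log('CORS first, GET:      ', runChain([corsPolicy, authPolicy], actual).status);
```

With CORS first, a GET that lacks the token still gets 401 from the auth policy, so the reordering only exempts the preflight itself.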