Re: [Apiman-user] CORS

I'm actually testing the fix right now. It will land both on the 1.2.x branch and the 1.1.x branch shortly. You should be able to test it out in a short while: I'll send you an email when it's available. On 17/08/2015 16:23, Fadi Abdin wrote: > Thank you Marc, > Is there a work around that you can think of ? > I'm doing it with angularjs , very simple > > $http({method: 'GET', url: 'http://server/apiman-gateway/service', > headers: { > 'Authorization': 'Bearer XXXXXXXXXXXXX'} > }); > > I assume you will fix it in the new version , right? > > > > On Mon, Aug 17, 2015 at 10:52 AM, Marc Savy <marc.savy(a)redhat.com > <mailto:marc.savy@redhat.com>> wrote: > > Hi, > > This is related to the JIRA I linked you to > (https://issues.jboss.org/browse/APIMAN-516). Because of the way the > policy chain currently works the behaviour of CORS is invalid in a > few very specific cases (e.g. when you stack it with an auth > policy). I'll let you know when it's fixed. > > Regards, > Marc > > On 17/08/2015 15:44, Fadi Abdin wrote: > > I have a problem in calling a service in apiman-gateway with the > Authorization: Bearer <token> in the header. > > It seems to preflight OPTIONS and return > > 1. > X-Policy-Failure-Message: > OAuth2 'Authorization' header or 'access_token' query > parameter must > be provided. > > I am sending the bearer token with the request and i make sure > in the > preflight its sent in the request. > > 1. > Access-Control-Request-Headers: > accept, authorization > > Does anyone know if there Is something i'm missing ? do i need > to get > authorization enabled or added anywhere ? as a side note i have > below in > my api as well: > > response.setHeader("Access-Control-Allow-Headers", > "Authorization"); > > > _______________________________________________ > Apiman-user mailing list > Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/apiman-user > > > >