If I understand your questions correctly: by default CORS does not allow any custom headers to be sent in the request. This means that Apiman does not receive the X-API-Key header and necessarily can't figure out how to route the request. The same CORS restriction does not exist with query parameters so if you provide it with the query param you'll be okay.

Perhaps a (partial) solution to some of these kinds of CORS issues is for Apiman to always indicate that the X-API-Key header is allowed.

Regards,

Marc

On 27 September 2017 at 05:35, Celso Agra <celso.agra@gmail.com> wrote:

Hi all,

I got some errors with CORS plugin when I try to use my API with a contract.

So, I consume my API passing info through header, such as: Authorization, Content-Type, and X-API-Key.
I'm talking about a javascript application. So, CORS is a problem for that language.

When I configure my contract to allow Cross-Origin, the error still there, but if I put my X-API-Key, as a query parameter, the CORS works fine.
Does anyone could help me to understand that?

I'm concerned to pass my contract as a query parameter. It should be on Header of my Http Request.
Please, help me to understand if it is a behaviour of the application and how can I solve this without use query param.

Best Regards,

--
---
Celso Agra

_______________________________________________
Apiman-user mailing list
Apiman-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user