2:02 p.m.
Hi Fadi.
It's possible this is a bug in the CORS policy or a mis-configuration.
Hopefully Marc can respond shortly.
One thing I'll say is that you *probably* don't need to include
"OPTIONS" as one of the allowed CORS methods.
-Eric
On 8/27/2015 2:48 PM, Fadi Abdin wrote:
Hey Eric / Marc,
Everything going good so far with the CORS fix but guessing there is
something still, or maybe i'm doing something wrong ( it always happened
to me ).
I have setup my CORS Policy in API Man and included
"Access-Control-Allow-Methods" :
"OPTIONS","GET","POST","DELETE",'PUT".
But i get a 403 and "CORS: Invalid preflight request; must use OPTIONS
verb." on ANY service that is not GET.
OPTIONS Header :
1.
Remote Address:
172.26.209.66:443 <http://172.26.209.66:443>
2.
Request URL:
https://dev-internal-api.expdev.local/apiman-gateway/express/integration/...
3.
Request Method:
OPTIONS
4.
Status Code:
200 OK
1. Response Headersview source
1.
Access-Control-Allow-Headers:
Accept, Authorization, Head
2.
Access-Control-Allow-Methods:
OPTIONS, GET, POST, DELETE, PUT
3.
Access-Control-Allow-Origin:
http://localhost:8383
4.
Access-Control-Max-Age:
0
5.
Connection:
keep-alive
6.
Date:
Thu, 27 Aug 2015 18:44:39 GMT
7.
Server:
WildFly/8
8.
Transfer-Encoding:
chunked
9.
X-Powered-By:
Undertow/1
2. Request Headersview source
1.
Accept:
*/*
2.
Accept-Encoding:
gzip, deflate, sdch
3.
Accept-Language:
en-US,en;q=0.8,ar;q=0.6
4.
Access-Control-Request-Headers:
accept, authorization
5.
Access-Control-Request-Method:
POST
6.
Cache-Control:
no-cache
7.
Connection:
keep-alive
8.
Host:
dev-internal-api.expdev.local
9.
Origin:
http://localhost:8383
10.
Pragma:
no-cache
11.
Referer:
http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s...
POST HEADER
1.
Remote Address:
172.26.209.66:443 <http://172.26.209.66:443>
2.
Request URL:
https://dev-internal-api.expdev.local/apiman-gateway/express/integration/...
3.
Request Method:
POST
4.
Status Code:
403 Forbidden
1. Response Headersview source
1.
Access-Control-Allow-Origin:
http://localhost:8383
2.
Connection:
keep-alive
3.
Content-Length:
195
4.
Content-Type:
application/json
5.
Date:
Thu, 27 Aug 2015 18:44:39 GMT
6.
Server:
WildFly/8
7.
X-Policy-Failure-Code:
400
8.
X-Policy-Failure-Message:
CORS: Invalid preflight request; must use OPTIONS verb.
9.
X-Policy-Failure-Type:
Authorization
10.
X-Powered-By:
Undertow/1
2. Request Headersview source
1.
Accept:
application/json, text/plain, */*
2.
Accept-Encoding:
gzip, deflate
3.
Accept-Language:
en-US,en;q=0.8,ar;q=0.6
4.
Authorization:
Bearer
eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ
5.
Cache-Control:
no-cache
6.
Connection:
keep-alive
7.
Content-Length:
0
8.
Host:
dev-internal-api.expdev.local
9.
Origin:
http://localhost:8383
10.
Pragma:
no-cache
11.
12.
_______________________________________________
Apiman-user mailing list
Apiman-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user