Re: [Apiman-user] HTTP Methods

latest of cors-policy-plugin? On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy <marc.savy(a)redhat.com <mailto:marc.savy@redhat.com>> wrote: I think there may have been some overzealous error detection going on. Please try out the latest master/1.1.x. On 27/08/2015 20:02, Eric Wittmann wrote: Hi Fadi. It's possible this is a bug in the CORS policy or a mis-configuration. Hopefully Marc can respond shortly. One thing I'll say is that you *probably* don't need to include "OPTIONS" as one of the allowed CORS methods. -Eric On 8/27/2015 2:48 PM, Fadi Abdin wrote: > Hey Eric / Marc, > > Everything going good so far with the CORS fix but guessing there is > something still, or maybe i'm doing something wrong ( it always happened > to me ). > > I have setup my CORS Policy in API Man and included > "Access-Control-Allow-Methods" : "OPTIONS","GET","POST","DELETE",'PUT". > > But i get a 403 and "CORS: Invalid preflight request; must use OPTIONS > verb." on ANY service that is not GET. > > OPTIONS Header : > > 1. > Remote Address: > 172.26.209.66:443 <http://172.26.209.66:443> <http://172.26.209.66:443> > 2. > Request URL: > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... > 3. > Request Method: > OPTIONS > 4. > Status Code: > 200 OK > 1. Response Headersview source > 1. > Access-Control-Allow-Headers: > Accept, Authorization, Head > 2. > Access-Control-Allow-Methods: > OPTIONS, GET, POST, DELETE, PUT > 3. > Access-Control-Allow-Origin: > http://localhost:8383 > 4. > Access-Control-Max-Age: > 0 > 5. > Connection: > keep-alive > 6. > Date: > Thu, 27 Aug 2015 18:44:39 GMT > 7. > Server: > WildFly/8 > 8. > Transfer-Encoding: > chunked > 9. > X-Powered-By: > Undertow/1 > 2. Request Headersview source > 1. > Accept: > */* > 2. > Accept-Encoding: > gzip, deflate, sdch > 3. > Accept-Language: > en-US,en;q=0.8,ar;q=0.6 > 4. > Access-Control-Request-Headers: > accept, authorization > 5. > Access-Control-Request-Method: > POST > 6. > Cache-Control: > no-cache > 7. > Connection: > keep-alive > 8. > Host: > dev-internal-api.expdev.local > 9. > Origin: > http://localhost:8383 > 10. > Pragma: > no-cache > 11. > Referer: > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s... > > > > > POST HEADER > > 1. > Remote Address: > 172.26.209.66:443 <http://172.26.209.66:443> <http://172.26.209.66:443> > 2. > Request URL: > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... > 3. > Request Method: > POST > 4. > Status Code: > 403 Forbidden > 1. Response Headersview source > 1. > Access-Control-Allow-Origin: > http://localhost:8383 > 2. > Connection: > keep-alive > 3. > Content-Length: > 195 > 4. > Content-Type: > application/json > 5. > Date: > Thu, 27 Aug 2015 18:44:39 GMT > 6. > Server: > WildFly/8 > 7. > X-Policy-Failure-Code: > 400 > 8. > X-Policy-Failure-Message: > CORS: Invalid preflight request; must use OPTIONS verb. > 9. > X-Policy-Failure-Type: > Authorization > 10. > X-Powered-By: > Undertow/1 > 2. Request Headersview source > 1. > Accept: > application/json, text/plain, */* > 2. > Accept-Encoding: > gzip, deflate > 3. > Accept-Language: > en-US,en;q=0.8,ar;q=0.6 > 4. > Authorization: > Bearer > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > 5. > Cache-Control: > no-cache > 6. > Connection: > keep-alive > 7. > Content-Length: > 0 > 8. > Host: > dev-internal-api.expdev.local > 9. > Origin: > http://localhost:8383 > 10. > Pragma: > no-cache > 11. > > 12. > > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/apiman-user > _______________________________________________ Apiman-user mailing list Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/apiman-user