Hi Fadi. It's possible this is a bug in the CORS policy or a mis-configuration. Hopefully Marc can respond shortly. One thing I'll say is that you *probably* don't need to include "OPTIONS" as one of the allowed CORS methods. -Eric On 8/27/2015 2:48 PM, Fadi Abdin wrote: > Hey Eric / Marc, > > Everything going good so far with the CORS fix but guessing there is > something still, or maybe i'm doing something wrong ( it always happened > to me ). > > I have setup my CORS Policy in API Man and included > "Access-Control-Allow-Methods" : "OPTIONS","GET","POST","DELETE",'PUT". > > But i get a 403 and "CORS: Invalid preflight request; must use OPTIONS > verb." on ANY service that is not GET. > > OPTIONS Header : > > 1. > Remote Address: > 172.26.209.66:443 <http://172.26.209.66:443> > 2. > Request URL: > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... > 3. > Request Method: > OPTIONS > 4. > Status Code: > 200 OK > 1. Response Headersview source > 1. > Access-Control-Allow-Headers: > Accept, Authorization, Head > 2. > Access-Control-Allow-Methods: > OPTIONS, GET, POST, DELETE, PUT > 3. > Access-Control-Allow-Origin: > http://localhost:8383 > 4. > Access-Control-Max-Age: > 0 > 5. > Connection: > keep-alive > 6. > Date: > Thu, 27 Aug 2015 18:44:39 GMT > 7. > Server: > WildFly/8 > 8. > Transfer-Encoding: > chunked > 9. > X-Powered-By: > Undertow/1 > 2. Request Headersview source > 1. > Accept: > */* > 2. > Accept-Encoding: > gzip, deflate, sdch > 3. > Accept-Language: > en-US,en;q=0.8,ar;q=0.6 > 4. > Access-Control-Request-Headers: > accept, authorization > 5. > Access-Control-Request-Method: > POST > 6. > Cache-Control: > no-cache > 7. > Connection: > keep-alive > 8. > Host: > dev-internal-api.expdev.local > 9. > Origin: > http://localhost:8383 > 10. > Pragma: > no-cache > 11. > Referer: > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s... > > > > > POST HEADER > > 1. > Remote Address: > 172.26.209.66:443 <http://172.26.209.66:443> > 2. > Request URL: > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... > 3. > Request Method: > POST > 4. > Status Code: > 403 Forbidden > 1. Response Headersview source > 1. > Access-Control-Allow-Origin: > http://localhost:8383 > 2. > Connection: > keep-alive > 3. > Content-Length: > 195 > 4. > Content-Type: > application/json > 5. > Date: > Thu, 27 Aug 2015 18:44:39 GMT > 6. > Server: > WildFly/8 > 7. > X-Policy-Failure-Code: > 400 > 8. > X-Policy-Failure-Message: > CORS: Invalid preflight request; must use OPTIONS verb. > 9. > X-Policy-Failure-Type: > Authorization > 10. > X-Powered-By: > Undertow/1 > 2. Request Headersview source > 1. > Accept: > application/json, text/plain, */* > 2. > Accept-Encoding: > gzip, deflate > 3. > Accept-Language: > en-US,en;q=0.8,ar;q=0.6 > 4. > Authorization: > Bearer > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > 5. > Cache-Control: > no-cache > 6. > Connection: > keep-alive > 7. > Content-Length: > 0 > 8. > Host: > dev-internal-api.expdev.local > 9. > Origin: > http://localhost:8383 > 10. > Pragma: > no-cache > 11. > > 12. > > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > _______________________________________________ Apiman-user mailing list Apiman-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user

latest of cors-policy-plugin? On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy <marc.savy(a)redhat.com <mailto:marc.savy@redhat.com>> wrote: I think there may have been some overzealous error detection going on. Please try out the latest master/1.1.x. On 27/08/2015 20:02, Eric Wittmann wrote: Hi Fadi. It's possible this is a bug in the CORS policy or a mis-configuration. Hopefully Marc can respond shortly. One thing I'll say is that you *probably* don't need to include "OPTIONS" as one of the allowed CORS methods. -Eric On 8/27/2015 2:48 PM, Fadi Abdin wrote: > Hey Eric / Marc, > > Everything going good so far with the CORS fix but guessing there is > something still, or maybe i'm doing something wrong ( it always happened > to me ). > > I have setup my CORS Policy in API Man and included > "Access-Control-Allow-Methods" : "OPTIONS","GET","POST","DELETE",'PUT". > > But i get a 403 and "CORS: Invalid preflight request; must use OPTIONS > verb." on ANY service that is not GET. > > OPTIONS Header : > > 1. > Remote Address: > 172.26.209.66:443 <http://172.26.209.66:443> <http://172.26.209.66:443> > 2. > Request URL: > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... > 3. > Request Method: > OPTIONS > 4. > Status Code: > 200 OK > 1. Response Headersview source > 1. > Access-Control-Allow-Headers: > Accept, Authorization, Head > 2. > Access-Control-Allow-Methods: > OPTIONS, GET, POST, DELETE, PUT > 3. > Access-Control-Allow-Origin: > http://localhost:8383 > 4. > Access-Control-Max-Age: > 0 > 5. > Connection: > keep-alive > 6. > Date: > Thu, 27 Aug 2015 18:44:39 GMT > 7. > Server: > WildFly/8 > 8. > Transfer-Encoding: > chunked > 9. > X-Powered-By: > Undertow/1 > 2. Request Headersview source > 1. > Accept: > */* > 2. > Accept-Encoding: > gzip, deflate, sdch > 3. > Accept-Language: > en-US,en;q=0.8,ar;q=0.6 > 4. > Access-Control-Request-Headers: > accept, authorization > 5. > Access-Control-Request-Method: > POST > 6. > Cache-Control: > no-cache > 7. > Connection: > keep-alive > 8. > Host: > dev-internal-api.expdev.local > 9. > Origin: > http://localhost:8383 > 10. > Pragma: > no-cache > 11. > Referer: > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s... > > > > > POST HEADER > > 1. > Remote Address: > 172.26.209.66:443 <http://172.26.209.66:443> <http://172.26.209.66:443> > 2. > Request URL: > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... > 3. > Request Method: > POST > 4. > Status Code: > 403 Forbidden > 1. Response Headersview source > 1. > Access-Control-Allow-Origin: > http://localhost:8383 > 2. > Connection: > keep-alive > 3. > Content-Length: > 195 > 4. > Content-Type: > application/json > 5. > Date: > Thu, 27 Aug 2015 18:44:39 GMT > 6. > Server: > WildFly/8 > 7. > X-Policy-Failure-Code: > 400 > 8. > X-Policy-Failure-Message: > CORS: Invalid preflight request; must use OPTIONS verb. > 9. > X-Policy-Failure-Type: > Authorization > 10. > X-Powered-By: > Undertow/1 > 2. Request Headersview source > 1. > Accept: > application/json, text/plain, */* > 2. > Accept-Encoding: > gzip, deflate > 3. > Accept-Language: > en-US,en;q=0.8,ar;q=0.6 > 4. > Authorization: > Bearer > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > 5. > Cache-Control: > no-cache > 6. > Connection: > keep-alive > 7. > Content-Length: > 0 > 8. > Host: > dev-internal-api.expdev.local > 9. > Origin: > http://localhost:8383 > 10. > Pragma: > no-cache > 11. > > 12. > > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/apiman-user > _______________________________________________ Apiman-user mailing list Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/apiman-user

Fadi - Is this all working as expected? ----- Original Message ----- From: "Marc Savy" <marc.savy(a)redhat.com&gt; To: "Fadi Abdin" <fadiabdeen(a)gmail.com&gt; Cc: "apiman-user" <apiman-user(a)lists.jboss.org&gt; Sent: Friday, 28 August, 2015 1:42:25 PM Subject: Re: [Apiman-user] HTTP Methods Should be 'apiman-plugins-cors-policy' ; repo is 'apiman-plugins' On 28/08/2015 13:40, Fadi Abdin wrote: > latest of cors-policy-plugin? > > On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy <marc.savy(a)redhat.com > <mailto:marc.savy@redhat.com>> wrote: > > I think there may have been some overzealous error detection going > on. Please try out the latest master/1.1.x. > > > On 27/08/2015 20:02, Eric Wittmann wrote: > > Hi Fadi. > > It's possible this is a bug in the CORS policy or a > mis-configuration. > Hopefully Marc can respond shortly. > > One thing I'll say is that you *probably* don't need to include > "OPTIONS" as one of the allowed CORS methods. > > -Eric > > On 8/27/2015 2:48 PM, Fadi Abdin wrote: > > Hey Eric / Marc, > > > > Everything going good so far with the CORS fix but guessing > there is > > something still, or maybe i'm doing something wrong ( it > always happened > > to me ). > > > > I have setup my CORS Policy in API Man and included > > "Access-Control-Allow-Methods" : > "OPTIONS","GET","POST","DELETE",'PUT". > > > > But i get a 403 and "CORS: Invalid preflight request; must > use OPTIONS > > verb." on ANY service that is not GET. > > > > OPTIONS Header : > > > > 1. > > Remote Address: > > 172.26.209.66:443 <http://172.26.209.66:443> > <http://172.26.209.66:443> > > 2. > > Request URL: > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... > > 3. > > Request Method: > > OPTIONS > > 4. > > Status Code: > > 200 OK > > 1. Response Headersview source > > 1. > > Access-Control-Allow-Headers: > > Accept, Authorization, Head > > 2. > > Access-Control-Allow-Methods: > > OPTIONS, GET, POST, DELETE, PUT > > 3. > > Access-Control-Allow-Origin: > > http://localhost:8383 > > 4. > > Access-Control-Max-Age: > > 0 > > 5. > > Connection: > > keep-alive > > 6. > > Date: > > Thu, 27 Aug 2015 18:44:39 GMT > > 7. > > Server: > > WildFly/8 > > 8. > > Transfer-Encoding: > > chunked > > 9. > > X-Powered-By: > > Undertow/1 > > 2. Request Headersview source > > 1. > > Accept: > > */* > > 2. > > Accept-Encoding: > > gzip, deflate, sdch > > 3. > > Accept-Language: > > en-US,en;q=0.8,ar;q=0.6 > > 4. > > Access-Control-Request-Headers: > > accept, authorization > > 5. > > Access-Control-Request-Method: > > POST > > 6. > > Cache-Control: > > no-cache > > 7. > > Connection: > > keep-alive > > 8. > > Host: > > dev-internal-api.expdev.local > > 9. > > Origin: > > http://localhost:8383 > > 10. > > Pragma: > > no-cache > > 11. > > Referer: > > > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s... > > > > > > > > > > POST HEADER > > > > 1. > > Remote Address: > > 172.26.209.66:443 <http://172.26.209.66:443> > <http://172.26.209.66:443> > > 2. > > Request URL: > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... > > 3. > > Request Method: > > POST > > 4. > > Status Code: > > 403 Forbidden > > 1. Response Headersview source > > 1. > > Access-Control-Allow-Origin: > > http://localhost:8383 > > 2. > > Connection: > > keep-alive > > 3. > > Content-Length: > > 195 > > 4. > > Content-Type: > > application/json > > 5. > > Date: > > Thu, 27 Aug 2015 18:44:39 GMT > > 6. > > Server: > > WildFly/8 > > 7. > > X-Policy-Failure-Code: > > 400 > > 8. > > X-Policy-Failure-Message: > > CORS: Invalid preflight request; must use > OPTIONS verb. > > 9. > > X-Policy-Failure-Type: > > Authorization > > 10. > > X-Powered-By: > > Undertow/1 > > 2. Request Headersview source > > 1. > > Accept: > > application/json, text/plain, */* > > 2. > > Accept-Encoding: > > gzip, deflate > > 3. > > Accept-Language: > > en-US,en;q=0.8,ar;q=0.6 > > 4. > > Authorization: > > Bearer > > > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > > 5. > > Cache-Control: > > no-cache > > 6. > > Connection: > > keep-alive > > 7. > > Content-Length: > > 0 > > 8. > > Host: > > dev-internal-api.expdev.local > > 9. > > Origin: > > http://localhost:8383 > > 10. > > Pragma: > > no-cache > > 11. > > > > 12. > > > > > > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user(a)lists.jboss.org <mailto: Apiman-user(a)lists.jboss.org&gt; > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > _______________________________________________ > Apiman-user mailing list > Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/apiman-user > > > _______________________________________________ Apiman-user mailing list Apiman-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user

Hey Marc , There is still a problem. I just installed the latest version and tried a POST , the preflight passes but the acual post failes .. check this Pre-Flight : https://gist.github.com/fadiabdeen/fad62e55a3fa161f8b82 Post : https://gist.github.com/fadiabdeen/6990954142c936e3c54a On Sat, Sep 5, 2015 at 7:29 AM, Fadi Abdin <fadiabdeen(a)gmail.com <mailto:fadiabdeen@gmail.com>> wrote: Hey Marc, Thanks for asking.. I did not try updating the new version to get other the GET to work. Otherwise everything was perfect until Friday. and all the sudden some services start giving 500 when calling them (only in one of the environments setup). then i tried duplicating the the service and pumpup the version and it worked .. that was weird. but the cors didnt work. I did not fully invistigate whats going on but i was ready to send you an email explaining what happened after collecting more information. i'm not sure why i keep having some issues like this . but if i got a chance this weekend i might send you details. Thanks, Fadi On Sat, Sep 5, 2015 at 7:20 AM, Marc Savy <msavy(a)redhat.com <mailto:msavy@redhat.com>> wrote: Fadi - Is this all working as expected? ----- Original Message ----- From: "Marc Savy" <marc.savy(a)redhat.com <mailto:marc.savy@redhat.com>> To: "Fadi Abdin" <fadiabdeen(a)gmail.com <mailto:fadiabdeen@gmail.com>> Cc: "apiman-user" <apiman-user(a)lists.jboss.org <mailto:apiman-user@lists.jboss.org>> Sent: Friday, 28 August, 2015 1:42:25 PM Subject: Re: [Apiman-user] HTTP Methods Should be 'apiman-plugins-cors-policy' ; repo is 'apiman-plugins' On 28/08/2015 13:40, Fadi Abdin wrote: > latest of cors-policy-plugin? > > On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy <marc.savy(a)redhat.com <mailto:marc.savy@redhat.com> > <mailto:marc.savy@redhat.com <mailto:marc.savy@redhat.com>>> wrote: > > I think there may have been some overzealous error detection going > on. Please try out the latest master/1.1.x. > > > On 27/08/2015 20:02, Eric Wittmann wrote: > > Hi Fadi. > > It's possible this is a bug in the CORS policy or a > mis-configuration. > Hopefully Marc can respond shortly. > > One thing I'll say is that you *probably* don't need to include > "OPTIONS" as one of the allowed CORS methods. > > -Eric > > On 8/27/2015 2:48 PM, Fadi Abdin wrote: > > Hey Eric / Marc, > > > > Everything going good so far with the CORS fix but guessing > there is > > something still, or maybe i'm doing something wrong ( it > always happened > > to me ). > > > > I have setup my CORS Policy in API Man and included > > "Access-Control-Allow-Methods" : > "OPTIONS","GET","POST","DELETE",'PUT". > > > > But i get a 403 and "CORS: Invalid preflight request; must > use OPTIONS > > verb." on ANY service that is not GET. > > > > OPTIONS Header : > > > > 1. > > Remote Address: > > 172.26.209.66:443 <http://172.26.209.66:443> <http://172.26.209.66:443> > <http://172.26.209.66:443> > > 2. > > Request URL: > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... > > 3. > > Request Method: > > OPTIONS > > 4. > > Status Code: > > 200 OK > > 1. Response Headersview source > > 1. > > Access-Control-Allow-Headers: > > Accept, Authorization, Head > > 2. > > Access-Control-Allow-Methods: > > OPTIONS, GET, POST, DELETE, PUT > > 3. > > Access-Control-Allow-Origin: > > http://localhost:8383 > > 4. > > Access-Control-Max-Age: > > 0 > > 5. > > Connection: > > keep-alive > > 6. > > Date: > > Thu, 27 Aug 2015 18:44:39 GMT > > 7. > > Server: > > WildFly/8 > > 8. > > Transfer-Encoding: > > chunked > > 9. > > X-Powered-By: > > Undertow/1 > > 2. Request Headersview source > > 1. > > Accept: > > */* > > 2. > > Accept-Encoding: > > gzip, deflate, sdch > > 3. > > Accept-Language: > > en-US,en;q=0.8,ar;q=0.6 > > 4. > > Access-Control-Request-Headers: > > accept, authorization > > 5. > > Access-Control-Request-Method: > > POST > > 6. > > Cache-Control: > > no-cache > > 7. > > Connection: > > keep-alive > > 8. > > Host: > > dev-internal-api.expdev.local > > 9. > > Origin: > > http://localhost:8383 > > 10. > > Pragma: > > no-cache > > 11. > > Referer: > > > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s... > > > > > > > > > > POST HEADER > > > > 1. > > Remote Address: > > 172.26.209.66:443 <http://172.26.209.66:443> <http://172.26.209.66:443> > <http://172.26.209.66:443> > > 2. > > Request URL: > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... > > 3. > > Request Method: > > POST > > 4. > > Status Code: > > 403 Forbidden > > 1. Response Headersview source > > 1. > > Access-Control-Allow-Origin: > > http://localhost:8383 > > 2. > > Connection: > > keep-alive > > 3. > > Content-Length: > > 195 > > 4. > > Content-Type: > > application/json > > 5. > > Date: > > Thu, 27 Aug 2015 18:44:39 GMT > > 6. > > Server: > > WildFly/8 > > 7. > > X-Policy-Failure-Code: > > 400 > > 8. > > X-Policy-Failure-Message: > > CORS: Invalid preflight request; must use > OPTIONS verb. > > 9. > > X-Policy-Failure-Type: > > Authorization > > 10. > > X-Powered-By: > > Undertow/1 > > 2. Request Headersview source > > 1. > > Accept: > > application/json, text/plain, */* > > 2. > > Accept-Encoding: > > gzip, deflate > > 3. > > Accept-Language: > > en-US,en;q=0.8,ar;q=0.6 > > 4. > > Authorization: > > Bearer > > > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > > 5. > > Cache-Control: > > no-cache > > 6. > > Connection: > > keep-alive > > 7. > > Content-Length: > > 0 > > 8. > > Host: > > dev-internal-api.expdev.local > > 9. > > Origin: > > http://localhost:8383 > > 10. > > Pragma: > > no-cache > > 11. > > > > 12. > > > > > > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org> <mailto:Apiman-user@lists.jboss.org <mailto:Apiman-user@lists.jboss.org>> > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > _______________________________________________ > Apiman-user mailing list > Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org> <mailto:Apiman-user@lists.jboss.org <mailto:Apiman-user@lists.jboss.org>> > https://lists.jboss.org/mailman/listinfo/apiman-user > > > _______________________________________________ Apiman-user mailing list Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/apiman-user