[Apiman-user] CORS

Fadi Abdin fadiabdeen at gmail.com
Mon Aug 17 11:38:54 EDT 2015 

cool .. you're the man ;)


On Mon, Aug 17, 2015 at 11:37 AM, Marc Savy <marc.savy at redhat.com> wrote:

> I'm actually testing the fix right now. It will land both on the 1.2.x
> branch and the 1.1.x branch shortly. You should be able to test it out
> in a short while: I'll send you an email when it's available.
>
> On 17/08/2015 16:23, Fadi Abdin wrote:
>
>> Thank you Marc,
>> Is there a work around that you can think of ?
>> I'm doing it with angularjs  , very simple
>>
>> $http({method: 'GET', url: 'http://server/apiman-gateway/service',
>> headers: {
>>      'Authorization': 'Bearer XXXXXXXXXXXXX'}
>> });
>>
>> I assume you will fix it in the new version , right?
>>
>>
>>
>> On Mon, Aug 17, 2015 at 10:52 AM, Marc Savy <marc.savy at redhat.com
>> <mailto:marc.savy at redhat.com>> wrote:
>>
>>     Hi,
>>
>>     This is related to the JIRA I linked you to
>>     (https://issues.jboss.org/browse/APIMAN-516). Because of the way the
>>     policy chain currently works the behaviour of CORS is invalid in a
>>     few very specific cases (e.g. when you stack it with an auth
>>     policy). I'll let you know when it's fixed.
>>
>>     Regards,
>>     Marc
>>
>>     On 17/08/2015 15:44, Fadi Abdin wrote:
>>
>>         I have a problem in calling a service in apiman-gateway with the
>>         Authorization: Bearer <token> in the header.
>>
>>         It seems to preflight OPTIONS and return
>>
>>           1.
>>              X-Policy-Failure-Message:
>>              OAuth2 'Authorization' header or 'access_token' query
>>         parameter must
>>              be provided.
>>
>>         I am sending the bearer token with the request and i make sure
>>         in the
>>         preflight its sent in the request.
>>
>>           1.
>>              Access-Control-Request-Headers:
>>              accept, authorization
>>
>>         Does anyone know if there Is something i'm missing ?  do i need
>>         to get
>>         authorization enabled or added anywhere ? as a side note i have
>>         below in
>>         my api as well:
>>
>>         response.setHeader("Access-Control-Allow-Headers",
>> "Authorization");
>>
>>
>>         _______________________________________________
>>         Apiman-user mailing list
>>         Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
>>         https://lists.jboss.org/mailman/listinfo/apiman-user
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150817/4530fd58/attachment-0001.html

More information about the Apiman-user mailing list