[Apiman-user] HTTP Methods
Marc Savy
marc.savy at redhat.com
Wed Sep 9 13:53:15 EDT 2015
It seems to work for me on 1.2.0-SNAPSHOT for me. Maybe you're picking up an old version of the plugin somehow? :-(
Is there any chance you can provide a reproducer script? Use something else other than the OAuth2 policy
So have something like:
CORS -> Rate Limiting Policy
Then your script would be something that accesses that backend service using a POST request, and hopefully it'll reveal the issue (can just be a curl command with all the appropriate headers set).
On 09/09/2015 18:41, Fadi Abdin wrote:
> The problem is that CORS wont work for other than GET , i tried
> POST,PUT,DELETE , all fail
>
> Thanks for looking into it.
>
>
> On Wed, Sep 9, 2015 at 1:35 PM, Marc Savy <marc.savy at redhat.com
> <mailto:marc.savy at redhat.com>> wrote:
>
> I'll try to check it out - I thought this was the problem already
> fixed. Will attempt to verify and get back to you.
>
> On 09/09/2015 18:32, Fadi Abdin wrote:
>
> Hey Marc ,
>
> There is still a problem. I just installed the latest version
> and tried
> a POST , the preflight passes but the acual post failes .. check
> this
>
> Pre-Flight : https://gist.github.com/fadiabdeen/fad62e55a3fa161f8b82
> Post : https://gist.github.com/fadiabdeen/6990954142c936e3c54a
>
>
>
>
>
> On Sat, Sep 5, 2015 at 7:29 AM, Fadi Abdin <fadiabdeen at gmail.com
> <mailto:fadiabdeen at gmail.com>
> <mailto:fadiabdeen at gmail.com <mailto:fadiabdeen at gmail.com>>> wrote:
>
> Hey Marc,
>
> Thanks for asking.. I did not try updating the new version
> to get
> other the GET to work.
>
> Otherwise everything was perfect until Friday. and all the
> sudden
> some services start giving 500 when calling them (only in
> one of the
> environments setup). then i tried duplicating the the
> service and
> pumpup the version and it worked .. that was weird. but the
> cors
> didnt work. I did not fully invistigate whats going on but
> i was
> ready to send you an email explaining what happened after
> collecting
> more information. i'm not sure why i keep having some
> issues like
> this . but if i got a chance this weekend i might send you
> details.
>
> Thanks,
> Fadi
>
>
> On Sat, Sep 5, 2015 at 7:20 AM, Marc Savy <msavy at redhat.com
> <mailto:msavy at redhat.com>
> <mailto:msavy at redhat.com <mailto:msavy at redhat.com>>> wrote:
>
> Fadi - Is this all working as expected?
>
> ----- Original Message -----
> From: "Marc Savy" <marc.savy at redhat.com
> <mailto:marc.savy at redhat.com>
> <mailto:marc.savy at redhat.com
> <mailto:marc.savy at redhat.com>>>
> To: "Fadi Abdin" <fadiabdeen at gmail.com
> <mailto:fadiabdeen at gmail.com>
> <mailto:fadiabdeen at gmail.com
> <mailto:fadiabdeen at gmail.com>>>
> Cc: "apiman-user" <apiman-user at lists.jboss.org
> <mailto:apiman-user at lists.jboss.org>
> <mailto:apiman-user at lists.jboss.org
> <mailto:apiman-user at lists.jboss.org>>>
> Sent: Friday, 28 August, 2015 1:42:25 PM
> Subject: Re: [Apiman-user] HTTP Methods
>
> Should be 'apiman-plugins-cors-policy' ; repo is
> 'apiman-plugins'
>
> On 28/08/2015 13:40, Fadi Abdin wrote:
> > latest of cors-policy-plugin?
> >
> > On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy
> <marc.savy at redhat.com <mailto:marc.savy at redhat.com>
> <mailto:marc.savy at redhat.com <mailto:marc.savy at redhat.com>>
> > <mailto:marc.savy at redhat.com
> <mailto:marc.savy at redhat.com> <mailto:marc.savy at redhat.com
> <mailto:marc.savy at redhat.com>>>>
>
> wrote:
> >
> > I think there may have been some overzealous error
> detection going
> > on. Please try out the latest master/1.1.x.
> >
> >
> > On 27/08/2015 20:02, Eric Wittmann wrote:
> >
> > Hi Fadi.
> >
> > It's possible this is a bug in the CORS
> policy or a
> > mis-configuration.
> > Hopefully Marc can respond shortly.
> >
> > One thing I'll say is that you *probably*
> don't need
> to include
> > "OPTIONS" as one of the allowed CORS methods.
> >
> > -Eric
> >
> > On 8/27/2015 2:48 PM, Fadi Abdin wrote:
> > > Hey Eric / Marc,
> > >
> > > Everything going good so far with the
> CORS fix but
> guessing
> > there is
> > > something still, or maybe i'm doing something
> wrong ( it
> > always happened
> > > to me ).
> > >
> > > I have setup my CORS Policy in API Man
> and included
> > > "Access-Control-Allow-Methods" :
> > "OPTIONS","GET","POST","DELETE",'PUT".
> > >
> > > But i get a 403 and "CORS: Invalid preflight
> request; must
> > use OPTIONS
> > > verb." on ANY service that is not GET.
> > >
> > > OPTIONS Header :
> > >
> > > 1.
> > > Remote Address:
> > > 172.26.209.66:443
> <http://172.26.209.66:443> <http://172.26.209.66:443>
> <http://172.26.209.66:443>
> > <http://172.26.209.66:443>
> > > 2.
> > > Request URL:
> > >
> >
> https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
> > > 3.
> > > Request Method:
> > > OPTIONS
> > > 4.
> > > Status Code:
> > > 200 OK
> > > 1. Response Headersview source
> > > 1.
> > > Access-Control-Allow-Headers:
> > > Accept, Authorization, Head
> > > 2.
> > > Access-Control-Allow-Methods:
> > > OPTIONS, GET, POST, DELETE, PUT
> > > 3.
> > > Access-Control-Allow-Origin:
> > > http://localhost:8383
> > > 4.
> > > Access-Control-Max-Age:
> > > 0
> > > 5.
> > > Connection:
> > > keep-alive
> > > 6.
> > > Date:
> > > Thu, 27 Aug 2015 18:44:39 GMT
> > > 7.
> > > Server:
> > > WildFly/8
> > > 8.
> > > Transfer-Encoding:
> > > chunked
> > > 9.
> > > X-Powered-By:
> > > Undertow/1
> > > 2. Request Headersview source
> > > 1.
> > > Accept:
> > > */*
> > > 2.
> > > Accept-Encoding:
> > > gzip, deflate, sdch
> > > 3.
> > > Accept-Language:
> > > en-US,en;q=0.8,ar;q=0.6
> > > 4.
> > > Access-Control-Request-Headers:
> > > accept, authorization
> > > 5.
> > > Access-Control-Request-Method:
> > > POST
> > > 6.
> > > Cache-Control:
> > > no-cache
> > > 7.
> > > Connection:
> > > keep-alive
> > > 8.
> > > Host:
> > > dev-internal-api.expdev.local
> > > 9.
> > > Origin:
> > > http://localhost:8383
> > > 10.
> > > Pragma:
> > > no-cache
> > > 11.
> > > Referer:
> > >
> >
> http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327
> > >
> > >
> > >
> > >
> > > POST HEADER
> > >
> > > 1.
> > > Remote Address:
> > > 172.26.209.66:443
> <http://172.26.209.66:443> <http://172.26.209.66:443>
> <http://172.26.209.66:443>
> > <http://172.26.209.66:443>
> > > 2.
> > > Request URL:
> > >
> >
> https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post
> > > 3.
> > > Request Method:
> > > POST
> > > 4.
> > > Status Code:
> > > 403 Forbidden
> > > 1. Response Headersview source
> > > 1.
> > > Access-Control-Allow-Origin:
> > > http://localhost:8383
> > > 2.
> > > Connection:
> > > keep-alive
> > > 3.
> > > Content-Length:
> > > 195
> > > 4.
> > > Content-Type:
> > > application/json
> > > 5.
> > > Date:
> > > Thu, 27 Aug 2015 18:44:39 GMT
> > > 6.
> > > Server:
> > > WildFly/8
> > > 7.
> > > X-Policy-Failure-Code:
> > > 400
> > > 8.
> > > X-Policy-Failure-Message:
> > > CORS: Invalid preflight
> request; must use
> > OPTIONS verb.
> > > 9.
> > > X-Policy-Failure-Type:
> > > Authorization
> > > 10.
> > > X-Powered-By:
> > > Undertow/1
> > > 2. Request Headersview source
> > > 1.
> > > Accept:
> > > application/json,
> text/plain, */*
> > > 2.
> > > Accept-Encoding:
> > > gzip, deflate
> > > 3.
> > > Accept-Language:
> > > en-US,en;q=0.8,ar;q=0.6
> > > 4.
> > > Authorization:
> > > Bearer
> > >
> >
>
> eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ
> > > 5.
> > > Cache-Control:
> > > no-cache
> > > 6.
> > > Connection:
> > > keep-alive
> > > 7.
> > > Content-Length:
> > > 0
> > > 8.
> > > Host:
> > > dev-internal-api.expdev.local
> > > 9.
> > > Origin:
> > > http://localhost:8383
> > > 10.
> > > Pragma:
> > > no-cache
> > > 11.
> > >
> > > 12.
> > >
> > >
> > >
> > >
> > >
> _______________________________________________
> > > Apiman-user mailing list
> > > Apiman-user at lists.jboss.org
> <mailto:Apiman-user at lists.jboss.org>
> <mailto:Apiman-user at lists.jboss.org
> <mailto:Apiman-user at lists.jboss.org>>
> <mailto:Apiman-user at lists.jboss.org
> <mailto:Apiman-user at lists.jboss.org>
> <mailto:Apiman-user at lists.jboss.org
> <mailto:Apiman-user at lists.jboss.org>>>
> > >
> https://lists.jboss.org/mailman/listinfo/apiman-user
> > >
> > _______________________________________________
> > Apiman-user mailing list
> > Apiman-user at lists.jboss.org
> <mailto:Apiman-user at lists.jboss.org>
> <mailto:Apiman-user at lists.jboss.org
> <mailto:Apiman-user at lists.jboss.org>>
> <mailto:Apiman-user at lists.jboss.org
> <mailto:Apiman-user at lists.jboss.org>
> <mailto:Apiman-user at lists.jboss.org
> <mailto:Apiman-user at lists.jboss.org>>>
> > https://lists.jboss.org/mailman/listinfo/apiman-user
> >
> >
> >
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
> <mailto:Apiman-user at lists.jboss.org
> <mailto:Apiman-user at lists.jboss.org>>
> https://lists.jboss.org/mailman/listinfo/apiman-user
>
>
>
>
>
More information about the Apiman-user
mailing list