[Apiman-user] 401 on a CORS preflight request
Jairo Junior
junior.jairo1 at gmail.com
Fri Jul 22 07:55:20 EDT 2016
EAP 7.0 + apiman 1.2.7 overlay, but I've also tried with docker image
apiman/on-wildfly10:1.2.7.Final
/apiman-gateway/org/service/1.0 with Keycloak OAuth Policy
On Fri, Jul 22, 2016 at 8:29 AM Eric Wittmann <eric.wittmann at redhat.com>
wrote:
> Apiman should allow OPTIONS requests without requiring authorization.
> What is your setup/configuration (which app server, etc)? Also what
> apiman REST endpoints are you trying to access?
>
> -Eric
>
> On 7/22/2016 7:22 AM, Jairo Junior wrote:
> > I've been trying to setup apiman + keycloak-oauth-plugin + keycloak +
> > keycloak.js with a client-side angularjs app and a REST API. It's a
> > scenario very similar to
> >
> https://github.com/keycloak/keycloak/tree/master/examples/demo-template/angular-product-app
> ,
> > but with apiman and CORS.
> >
> > My test are going well with curl, but using my javascript app the
> > browser it is performing a CORS preflight OPTIONS request without
> > authorization header.
> >
> > OPTIONS request works well with authorization header using curl,
> > therefore, I'm not sure whether the browser should include authorization
> > header or apiman should allows CORS preflight requests (OPTIONS) without
> > authorization header.
> >
> >
> > _______________________________________________
> > Apiman-user mailing list
> > Apiman-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/apiman-user
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20160722/a4af1ae8/attachment.html
More information about the Apiman-user
mailing list