[Apiman-user] How to solve the conflict about CORS and the X-API-Key in header?
Marc Savy
marc.savy at redhat.com
Mon Oct 2 08:18:35 EDT 2017
If I understand your questions correctly: by default CORS does not allow
any custom headers to be sent in the request. This means that Apiman does
not receive the X-API-Key header and necessarily can't figure out how to
route the request. The same CORS restriction does not exist with query
parameters so if you provide it with the query param you'll be okay.
Perhaps a (partial) solution to some of these kinds of CORS issues is for
Apiman to always indicate that the X-API-Key header is allowed.
Regards,
Marc
On 27 September 2017 at 05:35, Celso Agra <celso.agra at gmail.com> wrote:
> Hi all,
>
> I got some errors with CORS plugin when I try to use my API with a
> contract.
>
> So, I consume my API passing info through header, such as: Authorization,
> Content-Type, and X-API-Key.
> I'm talking about a javascript application. So, CORS is a problem for that
> language.
>
> When I configure my contract to allow Cross-Origin, the error still there,
> but if I put my X-API-Key, as a query parameter, the CORS works fine.
> Does anyone could help me to understand that?
>
> I'm concerned to pass my contract as a query parameter. It should be on
> Header of my Http Request.
> Please, help me to understand if it is a behaviour of the application and
> how can I solve this without use query param.
>
> Best Regards,
>
> --
> ---
> *Celso Agra*
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20171002/662df466/attachment.html
More information about the Apiman-user
mailing list