Thanks for the response Tharindu. You're right! When I add "*Access-Control-Request-Method: GET*" header in the request, I am seeing following behavior.
1. When OPTIONS method is defined for a resource in API, I am getting all HTTP methods supported by the back-end + NO "Access-Control-Allow-Headers". This is because the back-end does not support CORS. 2. When OPTIONS method is NOT defined for a resource in API, I am getting HTTP methods supported by the API (on gateway) + "Access-Control-Allow-Headers". This request is catered by the gateway itself, rather than passing thru to the back-end. Thanks for the clarification. On Thu, Apr 19, 2018 at 10:08 PM, Tharindu Dharmarathna <[email protected]> wrote: > Hi Gayan, > Did you Add the OPTIONS resource to API ?. Then OPTION call will be going > to the backend. If you not specifying OPTION Resource you need to send > *Access-Control-Request-Method > *header. > > > Thanks > Tharindu > > > On Fri, Apr 20, 2018 at 4:23 AM, Gayan Yalpathwala <[email protected]> > wrote: > >> Hi team, >> >> Let me explain this using Pizzashack sample API. I have added OPTIONS >> method for "/menu" resource on top of the sample. >> >> For GET method, I am receiving "Access-Control-Allow-Headers" whereas for >> OPTIONS, I am not getting it. See below. >> >> curl -k -X GET --header 'Accept: application/json' --header >> 'Authorization: Bearer xxxxx' 'https://mylocal:8243/pizzashack/1.0.0/menu' >> -v >> < HTTP/1.1 200 OK >> < Access-Control-Allow-Origin: * >> < Access-Control-Allow-Methods: GET >> < Access-Control-Allow-Headers: authorization,Access-Control-A >> llow-Origin,Content-Type,SOAPAction >> >> curl -k -X OPTIONS --header 'Accept: application/json' --header >> 'Authorization: Bearer xxxxx' 'https://mylocal:8243/pizzashack/1.0.0/menu' >> -v >> < HTTP/1.1 200 OK >> < Allow: DELETE,POST,GET,PUT,OPTIONS,HEAD >> >> I am expecting CORS headers for OPTIONS call as well. >> >> Thanks, >> >> -- >> *Gayan Kaushalya Yalpathwala* >> Senior Software Engineer >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> >> LK: +94 71 868 2704 >> US: (408) 386-7521 >> >> <https://wso2.com/events/> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > > *Tharindu Dharmarathna*Senior Software Engineer > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > > mobile: *+94779109091* > -- *Gayan Kaushalya Yalpathwala* Senior Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware LK: +94 71 868 2704 US: (408) 386-7521 <https://wso2.com/events/>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
