I'm getting HTTP response code 400 in APIMan (version 1.3.0.Final) every time I use the Header Access-Control-Request-Method.
I tried the same Request without the HEADER and worked so that I imagine something is wrong with Access-Control-Request-Method Header.
The below request fails
curl -i -X OPTIONS \
-H "Authorization:Bearer ..." \
-H "Access-Control-Request-Headers:authorization,content-type,x-origem" \
-H "Access-Control-Request-Method:POST" \
'https://www.apigtw.pe.gov.br/apiman-gateway/ati-homolog/catalogo-software/1.0/datacenter/search'
But if I call the same request without the Header Access-Control-Request-Method works.
curl -i -X OPTIONS \
-H "Authorization:Bearer ..." \
-H "Access-Control-Request-Headers:authorization,content-type,x-origem" \
'https://www.apigtw.pe.gov.br/apiman-gateway/ati-homolog/catalogo-software/1.0/datacenter/search'
In APIMan CORS Policy I didn't see an option for Access-Control-Request-Method (image below). I tried putting the Access-Control-Expose-Headers and Access-Control-Allow-Headers (highlighted below) and didn't work.
Edited Image (Full image)
Is there something wrong with the Request or APIMan?