- **status**: in-progress --> review - **Comment**: Closed #821. `ib/7927`
QA instructions: - See below the notes below depending on your setup - Generate bearer token for at `/auth/oauth` - Open [this script](https://forge-allura.apache.org/p/allura/pastebin/55a7cb736d19cd2b44c9758c) in your browser and play with various API endpoints/methods Local notes: - Uncomment `cors.enabled`, `cors.methods` and `cors.headers` in `development.ini` - Comment out https check for APIs `Allura/allura/controllers/rest.py` #if not testing and request.scheme != 'https': #request.environ['pylons.status_code_redirect'] = True #raise exc.HTTPForbidden Sandbox notes: - Make sure you are using https for the request or else you will get constant 403 - Add `cors.enabled`, `cors.methods` and `cors.headers` to `production.ini` - Enable passing auth headers in apache `/etc/httpd/conf.d/allura-venv.conf` WSGIPassAuthorization On --- ** [tickets:#7927] Enable CORS access to rest APIs** **Status:** review **Milestone:** unreleased **Labels:** api sf-2 sf-current 42cc **Created:** Mon Jul 13, 2015 03:23 PM UTC by Dave Brondsema **Last Updated:** Tue Jul 14, 2015 07:31 AM UTC **Owner:** Igor Bondarenko Original request: https://sourceforge.net/p/forge/feature-requests/426/ May need `.ini` settings if this is something that some sites would want and not others. --- Sent from forge-allura.apache.org because [email protected] is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
