[jira] [Commented] (JCR-3727) enable CORS preflight requests on AbstractWebdavServlet

Tobias Bocanegra (JIRA) Sun, 16 Feb 2014 21:54:07 -0800

    [ 
https://issues.apache.org/jira/browse/JCR-3727?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13902983#comment-13902983
 ]


Tobias Bocanegra commented on JCR-3727:
---------------------------------------

Thanks for the patch - however, this basically disables any CORS security and 
allows CORS from any client. we should at least make the allowed origins 
configurable. also a bit more explanation in what scenarios you need this would 
be good. usually you can solve CORS problems with jsonp.

> enable CORS preflight requests on AbstractWebdavServlet
> -------------------------------------------------------
>
>                 Key: JCR-3727
>                 URL: https://issues.apache.org/jira/browse/JCR-3727
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-webdav
>    Affects Versions: 2.4.5, 2.6.5, 2.7.5
>            Reporter: Oliver Lietz
>              Labels: CORS
>         Attachments: JCR-3727-2.4.diff
>
>
> see http://www.w3.org/TR/cors/



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

[jira] [Commented] (JCR-3727) enable CORS preflight requests on AbstractWebdavServlet

Reply via email to