[jira] [Updated] (KNOX-634) CORS Support as Part of WebAppSec Provider

Thu, 26 Nov 2015 06:41:10 -0800 

     [ 
https://issues.apache.org/jira/browse/KNOX-634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated KNOX-634:
-----------------------------
    Description: 
Currently, CORS support exists only within the SSOCookieProvider in order to 
accommodate browser based REST calls from apps that are served from a different 
origin.

Refactoring this out to a separately configurable provider allows it to be used 
with any authentication provider. Although we may need to deal with preflight 
requests from the browser in (or around) the other authentication/federation 
providers. OPTIONS requests will need to be able to get through without being 
authenticated - or at least handled in the CORS provider with a pivot that 
satisfies the preflight request. This will be done in follow up JIRAs as 
appropriate.

  was:
Currently, CORS support exists only within the SSOCookieProvider in order to 
accommodate browser based REST calls from apps that are served from a different 
origin.

Refactoring this out to a separately configurable provider allows it to be used 
with any authentication provider. Although we may need to deal with preflight 
requests from the browser in (or around) the other authentication/federation 
providers. OPTIONS requests will need to be able to get through without being 
authenticated. This will be done in follow up JIRAs as appropriate.


> CORS Support as Part of WebAppSec Provider
> ------------------------------------------
>
>                 Key: KNOX-634
>                 URL: https://issues.apache.org/jira/browse/KNOX-634
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 0.7.0
>
>
> Currently, CORS support exists only within the SSOCookieProvider in order to 
> accommodate browser based REST calls from apps that are served from a 
> different origin.
> Refactoring this out to a separately configurable provider allows it to be 
> used with any authentication provider. Although we may need to deal with 
> preflight requests from the browser in (or around) the other 
> authentication/federation providers. OPTIONS requests will need to be able to 
> get through without being authenticated - or at least handled in the CORS 
> provider with a pivot that satisfies the preflight request. This will be done 
> in follow up JIRAs as appropriate.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to