[ https://issues.apache.org/jira/browse/KNOX-634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Larry McCay updated KNOX-634:
-----------------------------
    Description:
Currently, CORS support exists only within the SSOCookieProvider in order to accommodate browser based REST calls from apps that are served from a different origin.

Refactoring this out to a separately configurable provider allows it to be used with any authentication provider. Although we may need to deal with preflight requests from the browser in (or around) the other authentication/federation providers. OPTIONS requests will need to be able to get through without being authenticated - or at least handled in the CORS provider with a pivot that satisfies the preflight request. This will be done in follow up JIRAs as appropriate.

  was:
Currently, CORS support exists only within the SSOCookieProvider in order to accommodate browser based REST calls from apps that are served from a different origin.

Refactoring this out to a separately configurable provider allows it to be used with any authentication provider. Although we may need to deal with preflight requests from the browser in (or around) the other authentication/federation providers. OPTIONS requests will need to be able to get through without being authenticated. This will be done in follow up JIRAs as appropriate.

> CORS Support as Part of WebAppSec Provider
> ------------------------------------------
>
>                 Key: KNOX-634
>                 URL: https://issues.apache.org/jira/browse/KNOX-634
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 0.7.0
>
>
> Currently, CORS support exists only within the SSOCookieProvider in order to
> accommodate browser based REST calls from apps that are served from a
> different origin.
> Refactoring this out to a separately configurable provider allows it to be
> used with any authentication provider. Although we may need to deal with
> preflight requests from the browser in (or around) the other
> authentication/federation providers. OPTIONS requests will need to be able to
> get through without being authenticated - or at least handled in the CORS
> provider with a pivot that satisfies the preflight request. This will be done
> in follow up JIRAs as appropriate.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
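
The preflight handling described in the issue above, modelled as an added example that is not part of the original message and is not Apache Knox code: a CORS filter placed ahead of an authentication filter answers genuine preflight requests itself and passes everything else on to authentication. The function names, the origin allowlist and the `auth_filter` stand-in are assumptions made for illustration.

```python
# Added illustration; not Apache Knox code. All names and values are hypothetical.
ALLOWED_ORIGINS = {"https://app.example.com"}        # constructed allowlist
ALLOWED_METHODS = {"GET", "POST", "PUT", "DELETE"}
ALLOWED_HEADERS = {"authorization", "content-type"}


def is_preflight(method, headers):
    """A CORS preflight is an OPTIONS request carrying Origin and
    Access-Control-Request-Method; browsers send it without credentials."""
    return (method == "OPTIONS" and "origin" in headers
            and "access-control-request-method" in headers)


def cors_filter(method, headers, next_filter):
    """Runs ahead of authentication. Returns (status, response_headers)."""
    headers = {k.lower(): v for k, v in headers.items()}
    origin = headers.get("origin")
    allowed = origin in ALLOWED_ORIGINS
    cors = {}
    if allowed:
        # Echo only allowlisted origins; never "*" alongside credentials.
        cors = {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    if is_preflight(method, headers):
        req_method = headers["access-control-request-method"].upper()
        req_headers = {h.strip().lower() for h in
                       headers.get("access-control-request-headers", "").split(",")
                       if h.strip()}
        if not (allowed and req_method in ALLOWED_METHODS
                and req_headers <= ALLOWED_HEADERS):
            return 403, {}           # no CORS headers: browser blocks the real call
        cors["Access-Control-Allow-Methods"] = req_method
        if req_headers:
            cors["Access-Control-Allow-Headers"] = ", ".join(sorted(req_headers))
        return 204, cors             # answered here; authentication never sees it
    status, resp = next_filter(method, headers)
    return status, {**resp, **cors}


def auth_filter(method, headers):
    """Stand-in for any authentication provider: 401 without credentials."""
    if "authorization" not in headers and "cookie" not in headers:
        return 401, {"WWW-Authenticate": "Basic"}
    return 200, {}
```

An OPTIONS request that lacks the preflight headers is not treated as a preflight and still reaches the authentication filter, so the unauthenticated path is limited to what the browser's CORS check needs.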