[
https://issues.apache.org/jira/browse/KNOX-634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay updated KNOX-634:
-----------------------------
Description:
Currently, CORS support exists only within the SSOCookieProvider in order to
accommodate browser based REST calls from apps that are served from a different
origin.
Refactoring this out to a separately configurable provider allows it to be used
with any authentication provider. Although we may need to deal with preflight
requests from the browser in (or around) the other authentication/federation
providers. OPTIONS requests will need to be able to get through without being
authenticated - or at least handled in the CORS provider with a pivot that
satisfies the preflight request. This will be done in follow up JIRAs as
appropriate.
{code}
<provider>
<role>webappsec</role>
<name>WebAppSec</name>
<enabled>true</enabled>
<param>
<name>cors.enabled</name>
<value>true</value>
</param>
</provider>
{code}
was:
Currently, CORS support exists only within the SSOCookieProvider in order to
accommodate browser based REST calls from apps that are served from a different
origin.
Refactoring this out to a separately configurable provider allows it to be used
with any authentication provider. Although we may need to deal with preflight
requests from the browser in (or around) the other authentication/federation
providers. OPTIONS requests will need to be able to get through without being
authenticated - or at least handled in the CORS provider with a pivot that
satisfies the preflight request. This will be done in follow up JIRAs as
appropriate.
> CORS Support as Part of WebAppSec Provider
> ------------------------------------------
>
> Key: KNOX-634
> URL: https://issues.apache.org/jira/browse/KNOX-634
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Fix For: 0.7.0
>
>
> Currently, CORS support exists only within the SSOCookieProvider in order to
> accommodate browser based REST calls from apps that are served from a
> different origin.
> Refactoring this out to a separately configurable provider allows it to be
> used with any authentication provider. Although we may need to deal with
> preflight requests from the browser in (or around) the other
> authentication/federation providers. OPTIONS requests will need to be able to
> get through without being authenticated - or at least handled in the CORS
> provider with a pivot that satisfies the preflight request. This will be done
> in follow up JIRAs as appropriate.
> {code}
> <provider>
> <role>webappsec</role>
> <name>WebAppSec</name>
> <enabled>true</enabled>
> <param>
> <name>cors.enabled</name>
> <value>true</value>
> </param>
> </provider>
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
