Perhaps its best to not have OPTIONS covered by Authentication? The problem is that standard Servlet Authentication is early, super early, before any filter or servlet is called early.
Joakim Erdfelt / [email protected] On Fri, May 10, 2019 at 10:20 AM Gregor Jarisch <[email protected]> wrote: > Hi, > > when using the CORS Filter + Basic Authentication, jetty returns a 401 > when a client makes an OPTIONS call. > Within the CORS Filter the preflight handling is done correctly, however, > it never gets there because jetty returns the 401 before hand. > > Is there any way to let the CORS Filter handle the request first? > > My current workaround is overriding the verify method and exclude the > setting of 401 if method is OPTIONS. This workaround feels not right > though.. > > Gregor > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
