Hi Joakim,
yes, I had the same thought, it would be great to avoid running through
the Authenticator on OPTIONS, but how?
I haven't found an option to do that in jetty.
Gregor
Gregor Jarisch
Head of Research & Development
Labs.ai Technology GmbH
m: +43 699 1 822 74 47
w: www.labs.ai e: [email protected]
------ Original Message ------
From: "Joakim Erdfelt" <[email protected]>
To: "Gregor Jarisch" <[email protected]>; "JETTY user mailing list"
<[email protected]>
Sent: 05/10/2019 5:25:19 PM
Subject: Re: [jetty-users] Basic Authenticator response to OPTIONS
request with 401
>Perhaps its best to not have OPTIONS covered by Authentication?
>
>The problem is that standard Servlet Authentication is early, super
>early, before any filter or servlet is called early.
>
>Joakim Erdfelt / [email protected]
>
>
>On Fri, May 10, 2019 at 10:20 AM Gregor Jarisch <[email protected]>
>wrote:
>>Hi,
>>
>>when using the CORS Filter + Basic Authentication, jetty returns a 401
>>when a client makes an OPTIONS call.
>>Within the CORS Filter the preflight handling is done correctly,
>>however, it never gets there because jetty returns the 401 before
>>hand.
>>
>>Is there any way to let the CORS Filter handle the request first?
>>
>>My current workaround is overriding the verify method and exclude the
>>setting of 401 if method is OPTIONS. This workaround feels not right
>>though..
>>
>>Gregor
>>_______________________________________________
>>jetty-users mailing list
>>[email protected]
>>To change your delivery options, retrieve your password, or
>>unsubscribe from this list, visit
>>https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
