Looking into this but I need your help. We cannot preserve all the headers because some of them may contain sensitive information that should not be sent cross domain (for example session cookies). So the question is, which headers should be preserved by which redirects:
There are two redirects in gluon/contrib/login_methods/cas_auth.py There are two redirects in gluon/tools.py in Auth allow_access. Do you know which ones need the headers? Which headers? On Tuesday, 12 August 2014 03:05:27 UTC-5, Remco Boerma wrote: > > Thanks Massimo, > > Concerning https://code.google.com/p/web2py/issues/detail?id=1961&can=1 > > The CAS structure uses redirect() internally. Can you update the call in the > CAS code to send the request.headers? That's why i proposed a change on all > redirect calls. This allows the CAS to be CORS compliant if the user provides > the proper headers on the controller level > > With kind regards. > > Remco > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
