You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2015/11/26 15:50:10 UTC

[jira] [Commented] (KNOX-634) CORS Support as Part of WebAppSec Provider

    [ https://issues.apache.org/jira/browse/KNOX-634?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15028922#comment-15028922 ] 

ASF subversion and git services commented on KNOX-634:
------------------------------------------------------

Commit 39aa06ee8655cdf4e2d1875868a3a1875a3ac2cd in knox's branch refs/heads/master from [~lmccay]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=39aa06e ]

KNOX-634 - CORS Support as Part of WebAppSec Provider

> CORS Support as Part of WebAppSec Provider
> ------------------------------------------
>
>                 Key: KNOX-634
>                 URL: https://issues.apache.org/jira/browse/KNOX-634
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 0.7.0
>
>
> Currently, CORS support exists only within the SSOCookieProvider in order to accommodate browser based REST calls from apps that are served from a different origin.
> Refactoring this out to a separately configurable provider allows it to be used with any authentication provider. Although we may need to deal with preflight requests from the browser in (or around) the other authentication/federation providers. OPTIONS requests will need to be able to get through without being authenticated - or at least handled in the CORS provider with a pivot that satisfies the preflight request. This will be done in follow up JIRAs as appropriate.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)