You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "Sergio Fernández (JIRA)" <ji...@apache.org> on 2013/03/05 17:09:11 UTC

[jira] [Commented] (INFRA-5938) Anonymous requests to Jira's REST API

    [ https://issues.apache.org/jira/browse/INFRA-5938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13593520#comment-13593520 ] 

Sergio Fernández commented on INFRA-5938:
-----------------------------------------

The current draft code we are using is now available at http://svn.apache.org/repos/asf/incubator/marmotta/site/trunk/content/resources/js/marmotta.js
                
> Anonymous requests to Jira's REST API
> -------------------------------------
>
>                 Key: INFRA-5938
>                 URL: https://issues.apache.org/jira/browse/INFRA-5938
>             Project: Infrastructure
>          Issue Type: Wish
>      Security Level: public(Regular issues) 
>          Components: JIRA
>            Reporter: Sergio Fernández
>            Priority: Minor
>
> Trying to integrate some stuff from jira in marmotta's webpage, I realized it is not possible to call the rest api through javascript. Once I discovered CORS is disabled for that host, I switched to JSONP, but it only works if I have my session open in the same browser, which most likely is not the case to our target visitors.
> So, would be possible to enable anonymous requests? I checked, and the permissions in the porject for "Browse Projects"is set to group "Anyone". Maybe, for avoiding abuse of it, we could allow it only from some safe hosts, marmotta.incubator.apache.orgn and marmotta.staging.apache.org mainly.
> Thanks!

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira