You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by "Torben Fitschen (Created) (JIRA)" <ji...@apache.org> on 2012/04/11 15:23:16 UTC
[jira] [Created] (APLO-188) Support allowing cross origin resource
sharing (CORS) of web admin APIs
Support allowing cross origin resource sharing (CORS) of web admin APIs
-----------------------------------------------------------------------
Key: APLO-188
URL: https://issues.apache.org/jira/browse/APLO-188
Project: ActiveMQ Apollo
Issue Type: Bug
Components: apollo-web
Affects Versions: 1.2
Environment: Debian Wheezy
Reporter: Torben Fitschen
Request header field Authorization is not allowed by Access-Control-Allow-Headers.
--------------------------------------------------------------------------------
Request Headers:
OPTIONS /broker.json HTTP/1.1
Host: 192.168.1.2:61680
Connection: keep-alive
Cache-Control: max-age=0
Access-Control-Request-Method: GET
Origin: http://192.168.1.1
Pragma: no-cache
Access-Control-Request-Headers: origin, authorization, accept
Accept: */*
--------------------------------------------------------------------------------
Required Response Headers:
Access-Control-Allow-Origin
Access-Control-Allow-Methods
Access-Control-Allow-Headers
--------------------------------------------------------------------------------
http://www.html5rocks.com/en/tutorials/cors/
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (APLO-188) Add "Access-Control-Allow-Methods"
and "Access-Control-Allow-Headers" to CORS requests
Posted by "Hiram Chirino (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/APLO-188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13259659#comment-13259659 ]
Hiram Chirino commented on APLO-188:
------------------------------------
I've just committed change which sets the Access-Control-Allow-Methods to match Access-Control-Request-Headers. Should show up in the next nightly.
> Add "Access-Control-Allow-Methods" and "Access-Control-Allow-Headers" to CORS requests
> --------------------------------------------------------------------------------------
>
> Key: APLO-188
> URL: https://issues.apache.org/jira/browse/APLO-188
> Project: ActiveMQ Apollo
> Issue Type: Bug
> Components: apollo-web
> Affects Versions: 1.2
> Environment: Debian Wheezy
> Reporter: Torben Fitschen
> Assignee: Hiram Chirino
> Fix For: 1.3
>
>
> Request header field Authorization is not allowed by Access-Control-Allow-Headers.
> --------------------------------------------------------------------------------
> Request Headers:
> OPTIONS /broker.json HTTP/1.1
> Host: 192.168.1.2:61680
> Connection: keep-alive
> Cache-Control: max-age=0
> Access-Control-Request-Method: GET
> Origin: http://192.168.1.1
> Pragma: no-cache
> Access-Control-Request-Headers: origin, authorization, accept
> Accept: */*
> --------------------------------------------------------------------------------
> Required Response Headers:
> Access-Control-Allow-Origin
> Access-Control-Allow-Methods
> Access-Control-Allow-Headers
> --------------------------------------------------------------------------------
> http://www.html5rocks.com/en/tutorials/cors/
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (APLO-188) Support allowing cross origin
resource sharing (CORS) of web admin APIs
Posted by "Martin Schröder (Commented JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/APLO-188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13255991#comment-13255991 ]
Martin Schröder commented on APLO-188:
--------------------------------------
I don't agree that the implementation of CORS is complete. If you request data of type application/json the browser issues a preflight request "OPTIONS" which the webserver must respond to with required headers (like stated in the description of this bug report). At the moment this is not the case using Apollo 1.2 as the headers "Access-Control-Allow-Methods" and "Access-Control-Allow-Headers" are missing.
> Support allowing cross origin resource sharing (CORS) of web admin APIs
> -----------------------------------------------------------------------
>
> Key: APLO-188
> URL: https://issues.apache.org/jira/browse/APLO-188
> Project: ActiveMQ Apollo
> Issue Type: Bug
> Components: apollo-web
> Affects Versions: 1.2
> Environment: Debian Wheezy
> Reporter: Torben Fitschen
> Assignee: Hiram Chirino
>
> Request header field Authorization is not allowed by Access-Control-Allow-Headers.
> --------------------------------------------------------------------------------
> Request Headers:
> OPTIONS /broker.json HTTP/1.1
> Host: 192.168.1.2:61680
> Connection: keep-alive
> Cache-Control: max-age=0
> Access-Control-Request-Method: GET
> Origin: http://192.168.1.1
> Pragma: no-cache
> Access-Control-Request-Headers: origin, authorization, accept
> Accept: */*
> --------------------------------------------------------------------------------
> Required Response Headers:
> Access-Control-Allow-Origin
> Access-Control-Allow-Methods
> Access-Control-Allow-Headers
> --------------------------------------------------------------------------------
> http://www.html5rocks.com/en/tutorials/cors/
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (APLO-188) Support allowing cross origin resource
sharing (CORS) of web admin APIs
Posted by "Hiram Chirino (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/APLO-188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hiram Chirino resolved APLO-188.
--------------------------------
Resolution: Duplicate
Assignee: Hiram Chirino
Dup of APLO-171
> Support allowing cross origin resource sharing (CORS) of web admin APIs
> -----------------------------------------------------------------------
>
> Key: APLO-188
> URL: https://issues.apache.org/jira/browse/APLO-188
> Project: ActiveMQ Apollo
> Issue Type: Bug
> Components: apollo-web
> Affects Versions: 1.2
> Environment: Debian Wheezy
> Reporter: Torben Fitschen
> Assignee: Hiram Chirino
>
> Request header field Authorization is not allowed by Access-Control-Allow-Headers.
> --------------------------------------------------------------------------------
> Request Headers:
> OPTIONS /broker.json HTTP/1.1
> Host: 192.168.1.2:61680
> Connection: keep-alive
> Cache-Control: max-age=0
> Access-Control-Request-Method: GET
> Origin: http://192.168.1.1
> Pragma: no-cache
> Access-Control-Request-Headers: origin, authorization, accept
> Accept: */*
> --------------------------------------------------------------------------------
> Required Response Headers:
> Access-Control-Allow-Origin
> Access-Control-Allow-Methods
> Access-Control-Allow-Headers
> --------------------------------------------------------------------------------
> http://www.html5rocks.com/en/tutorials/cors/
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (APLO-188) Add "Access-Control-Allow-Methods" and
"Access-Control-Allow-Headers" to CORS requests
Posted by "Hiram Chirino (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/APLO-188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hiram Chirino resolved APLO-188.
--------------------------------
Resolution: Fixed
Fixed in next nightly snapshot.
> Add "Access-Control-Allow-Methods" and "Access-Control-Allow-Headers" to CORS requests
> --------------------------------------------------------------------------------------
>
> Key: APLO-188
> URL: https://issues.apache.org/jira/browse/APLO-188
> Project: ActiveMQ Apollo
> Issue Type: Bug
> Components: apollo-web
> Affects Versions: 1.2
> Environment: Debian Wheezy
> Reporter: Torben Fitschen
> Assignee: Hiram Chirino
> Fix For: 1.3
>
>
> Request header field Authorization is not allowed by Access-Control-Allow-Headers.
> --------------------------------------------------------------------------------
> Request Headers:
> OPTIONS /broker.json HTTP/1.1
> Host: 192.168.1.2:61680
> Connection: keep-alive
> Cache-Control: max-age=0
> Access-Control-Request-Method: GET
> Origin: http://192.168.1.1
> Pragma: no-cache
> Access-Control-Request-Headers: origin, authorization, accept
> Accept: */*
> --------------------------------------------------------------------------------
> Required Response Headers:
> Access-Control-Allow-Origin
> Access-Control-Allow-Methods
> Access-Control-Allow-Headers
> --------------------------------------------------------------------------------
> http://www.html5rocks.com/en/tutorials/cors/
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (APLO-188) Add "Access-Control-Allow-Methods" and
"Access-Control-Allow-Headers" to CORS requests
Posted by "Hiram Chirino (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/APLO-188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hiram Chirino updated APLO-188:
-------------------------------
Fix Version/s: 1.3
Summary: Add "Access-Control-Allow-Methods" and "Access-Control-Allow-Headers" to CORS requests (was: Support allowing cross origin resource sharing (CORS) of web admin APIs)
> Add "Access-Control-Allow-Methods" and "Access-Control-Allow-Headers" to CORS requests
> --------------------------------------------------------------------------------------
>
> Key: APLO-188
> URL: https://issues.apache.org/jira/browse/APLO-188
> Project: ActiveMQ Apollo
> Issue Type: Bug
> Components: apollo-web
> Affects Versions: 1.2
> Environment: Debian Wheezy
> Reporter: Torben Fitschen
> Assignee: Hiram Chirino
> Fix For: 1.3
>
>
> Request header field Authorization is not allowed by Access-Control-Allow-Headers.
> --------------------------------------------------------------------------------
> Request Headers:
> OPTIONS /broker.json HTTP/1.1
> Host: 192.168.1.2:61680
> Connection: keep-alive
> Cache-Control: max-age=0
> Access-Control-Request-Method: GET
> Origin: http://192.168.1.1
> Pragma: no-cache
> Access-Control-Request-Headers: origin, authorization, accept
> Accept: */*
> --------------------------------------------------------------------------------
> Required Response Headers:
> Access-Control-Allow-Origin
> Access-Control-Allow-Methods
> Access-Control-Allow-Headers
> --------------------------------------------------------------------------------
> http://www.html5rocks.com/en/tutorials/cors/
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Reopened] (APLO-188) Support allowing cross origin resource
sharing (CORS) of web admin APIs
Posted by "Hiram Chirino (Reopened) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/APLO-188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hiram Chirino reopened APLO-188:
--------------------------------
Most requests should be of the simple type so they don't need those additional headers. Reopening the issue so issue to fully implement in next release.
> Support allowing cross origin resource sharing (CORS) of web admin APIs
> -----------------------------------------------------------------------
>
> Key: APLO-188
> URL: https://issues.apache.org/jira/browse/APLO-188
> Project: ActiveMQ Apollo
> Issue Type: Bug
> Components: apollo-web
> Affects Versions: 1.2
> Environment: Debian Wheezy
> Reporter: Torben Fitschen
> Assignee: Hiram Chirino
> Fix For: 1.3
>
>
> Request header field Authorization is not allowed by Access-Control-Allow-Headers.
> --------------------------------------------------------------------------------
> Request Headers:
> OPTIONS /broker.json HTTP/1.1
> Host: 192.168.1.2:61680
> Connection: keep-alive
> Cache-Control: max-age=0
> Access-Control-Request-Method: GET
> Origin: http://192.168.1.1
> Pragma: no-cache
> Access-Control-Request-Headers: origin, authorization, accept
> Accept: */*
> --------------------------------------------------------------------------------
> Required Response Headers:
> Access-Control-Allow-Origin
> Access-Control-Allow-Methods
> Access-Control-Allow-Headers
> --------------------------------------------------------------------------------
> http://www.html5rocks.com/en/tutorials/cors/
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (APLO-188) Support allowing cross origin
resource sharing (CORS) of web admin APIs
Posted by "Hiram Chirino (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/APLO-188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13252349#comment-13252349 ]
Hiram Chirino commented on APLO-188:
------------------------------------
This is already implemented in the current SNAPSHOT build. For details on how to enable CORS see:
http://activemq.apache.org/apollo/versions/99-trunk-SNAPSHOT/website/documentation/user-manual.html#Web_Based_Administration
> Support allowing cross origin resource sharing (CORS) of web admin APIs
> -----------------------------------------------------------------------
>
> Key: APLO-188
> URL: https://issues.apache.org/jira/browse/APLO-188
> Project: ActiveMQ Apollo
> Issue Type: Bug
> Components: apollo-web
> Affects Versions: 1.2
> Environment: Debian Wheezy
> Reporter: Torben Fitschen
>
> Request header field Authorization is not allowed by Access-Control-Allow-Headers.
> --------------------------------------------------------------------------------
> Request Headers:
> OPTIONS /broker.json HTTP/1.1
> Host: 192.168.1.2:61680
> Connection: keep-alive
> Cache-Control: max-age=0
> Access-Control-Request-Method: GET
> Origin: http://192.168.1.1
> Pragma: no-cache
> Access-Control-Request-Headers: origin, authorization, accept
> Accept: */*
> --------------------------------------------------------------------------------
> Required Response Headers:
> Access-Control-Allow-Origin
> Access-Control-Allow-Methods
> Access-Control-Allow-Headers
> --------------------------------------------------------------------------------
> http://www.html5rocks.com/en/tutorials/cors/
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (APLO-188) Add "Access-Control-Allow-Methods"
and "Access-Control-Allow-Headers" to CORS requests
Posted by "Torben Fitschen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/APLO-188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13259597#comment-13259597 ]
Torben Fitschen commented on APLO-188:
--------------------------------------
"Access-Control-Request-Headers" not implemented.
The response must have all from the request "Access-Control-Request-Headers", respectively a whitelist which headers to be allowed.
> Add "Access-Control-Allow-Methods" and "Access-Control-Allow-Headers" to CORS requests
> --------------------------------------------------------------------------------------
>
> Key: APLO-188
> URL: https://issues.apache.org/jira/browse/APLO-188
> Project: ActiveMQ Apollo
> Issue Type: Bug
> Components: apollo-web
> Affects Versions: 1.2
> Environment: Debian Wheezy
> Reporter: Torben Fitschen
> Assignee: Hiram Chirino
> Fix For: 1.3
>
>
> Request header field Authorization is not allowed by Access-Control-Allow-Headers.
> --------------------------------------------------------------------------------
> Request Headers:
> OPTIONS /broker.json HTTP/1.1
> Host: 192.168.1.2:61680
> Connection: keep-alive
> Cache-Control: max-age=0
> Access-Control-Request-Method: GET
> Origin: http://192.168.1.1
> Pragma: no-cache
> Access-Control-Request-Headers: origin, authorization, accept
> Accept: */*
> --------------------------------------------------------------------------------
> Required Response Headers:
> Access-Control-Allow-Origin
> Access-Control-Allow-Methods
> Access-Control-Allow-Headers
> --------------------------------------------------------------------------------
> http://www.html5rocks.com/en/tutorials/cors/
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira