Details
-
Bug
-
Resolution: Unresolved
-
Neutral
-
None
-
None
-
None
-
None
Description
Steps to reproduce
- Setup an SPA project that call REST endpoints with custom headers
- The browser will send an OPTIONS request before the main request to ask if the server accept custom headers that the request will send.
- The OPTIONS request is failed with HTTP 401

Expected results
The OPTIONS request and the main request should be successful.
Actual results
The OPTIONS request and the main request are failed
Workaround
Set rest-anonymous GET&POST permission on /.rest/delivery/*
Development notes
See isAuthorized method in SiteUriSecurityFilter and URISecurityFilter.
Checklists
Acceptance criteria