Magnolia / MAGNOLIA-8168

OPTIONS requests should not require write permissions


Details

    • Bug
    • Resolution: Unresolved
    • Neutral

    Description

      Steps to reproduce

      1. Set up an SPA project that calls REST endpoints with custom headers
      2. The browser will send an OPTIONS request before the main request to ask if the server accepts the custom headers that the request will send.
      3. The OPTIONS request fails with HTTP 401

      Expected results

      The OPTIONS request and the main request should be successful.

      Actual results

      The OPTIONS request and the main request fail

      Workaround

      Set rest-anonymous GET&POST permission on /.rest/delivery/*

      Development notes

      See isAuthorized method in SiteUriSecurityFilter and URISecurityFilter.
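
The following is an added example, not Magnolia code and not part of the original report: a simplified model of a URI permission check showing why an unauthenticated preflight gets HTTP 401, what the requested behaviour changes, and what the workaround additionally opens up. The function names, the ACL shape, the sample path and the method-to-permission mappings (including treating "GET&POST permission" as read plus write) are assumptions made for illustration.

```javascript
// Added illustration: a simplified model of a URI permission check, not Magnolia source.
const READ = "read";
const WRITE = "write";
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]); // safe per RFC 7231

// Constructed ACLs for the anonymous role on the delivery endpoint.
const READ_ONLY_ACL = [{ prefix: "/.rest/delivery/", permissions: new Set([READ]) }];
const WORKAROUND_ACL = [{ prefix: "/.rest/delivery/", permissions: new Set([READ, WRITE]) }];

// Assumed mapping that reproduces the report: only GET counts as a read.
function reportedMapping(method) {
  return method.toUpperCase() === "GET" ? READ : WRITE;
}

// Mapping the issue title asks for: OPTIONS no longer needs write.
function requestedMapping(method) {
  return SAFE_METHODS.has(method.toUpperCase()) ? READ : WRITE;
}

// A CORS preflight is an OPTIONS request with Origin and Access-Control-Request-Method.
function isPreflight(req) {
  return req.method.toUpperCase() === "OPTIONS" &&
    "origin" in req.headers && "access-control-request-method" in req.headers;
}

// Status an unauthenticated request gets under the given ACL and method mapping.
function filterStatus(req, acl, mapping) {
  const needed = mapping(req.method);
  const allowed = acl.some(
    (rule) => req.path.startsWith(rule.prefix) && rule.permissions.has(needed));
  return allowed ? 200 : 401;
}

// Constructed requests. Browsers send preflights without cookies or Authorization,
// so the filter always evaluates them as the anonymous user.
const preflight = {
  method: "OPTIONS",
  path: "/.rest/delivery/example",
  headers: {
    origin: "https://spa.example",
    "access-control-request-method": "GET",
    "access-control-request-headers": "x-custom-header",
  },
};
const anonymousPost = { method: "POST", path: "/.rest/delivery/example", headers: {} };

console.log(filterStatus(preflight, READ_ONLY_ACL, reportedMapping));      // reported behaviour
console.log(filterStatus(preflight, READ_ONLY_ACL, requestedMapping));     // requested behaviour
console.log(filterStatus(anonymousPost, WORKAROUND_ACL, reportedMapping)); // workaround side effect
```

In this model the requested mapping lets the preflight through while an anonymous POST is still rejected, whereas the workaround ACL also accepts the anonymous POST.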

            People

              Unassigned Unassigned
              canh.nguyen Canh Nguyen