Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-8180

CLONE - CORS headers not added for unauthorized (401) requests

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Neutral
    • Resolution: Fixed
    • 6.2.6
    • 6.2.12
    • None

    Description

      Unauthorized requests may misleadingly return CORS error instead of their expected HTTP status. See MGNLREST-275 for details/steps to reproduce.

      CORS filter should be before uriSecurity;
      MAGNOLIA-7969 fixed this in 6.2.6 for upgrades, however the reordering was omitted for fresh installs.

      Workaround

      Move cors filter before uriSecurity

      Development notes

      See https://wiki.magnolia-cms.com/display/ARCHI/2021-01-06+Placement+of+CORS+filter

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                jsimak Jaroslav Simak
                mgeljic Mikaël Geljić
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD

                    CI Builds

                      No builds found.