-
Improvement
-
Resolution: Duplicate
-
Neutral
-
None
-
2.1.1
-
None
-
None
As a developer I want Magnolia to accept and correctly respond to CORS 'preflight' 'OPTIONS' requests so that I can actually achieve my headless CMS requirements including (but not limited to) pushing content to Magnolia.
Currently its not possible (or at least hard) to push content to Magnolia REST endpoints, or delete content, from within a browser as modern browsers enforce CORS security. Another customer mentioned "Outlook performs (don't know the exact reason) an OPTIONS call on the feed URL which is failing as Magnolia requests a login for the OPTIONS call. " There are surely other cases where OPTIONS headers are sent.
To Reproduce issue
See instructions in Description of this ticket: https://jira.magnolia-cms.com/browse/MGNLREST-81
Acceptance Criteria:
- When my app/website running in a browser makes a request to Magnolia endpoints and sends OPTIONS request, then Magnolia responds correctly to the browser, such that the browser can make the actual request.
- As a developer I can configure how magnolia responds to OPTIONS requests.
- Magnolia has a default configuration which accepts OPTIONS requests, or makes it very easy to configure, for example by setting one property in configution. For example it should be configured on this default CORS configuration: https://jira.magnolia-cms.com/browse/MGNLREST-258
We should provide a basic solution without delay. A further ticket could be created to add further sophistication.
Resources
Please see comments below and comments on linked ticket MGNLREST-81and Patch from amanzoni. https://git.magnolia-cms.com/projects/SERVICES/repos/rest/commits/0f42ac3ab288ee94116f772994056dbbb2516f60
CORS OPTIONS Details
https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
Previous Description: (Still relevant)
Customers are facing blocking issue when using Angular 6 accessing HeadLess bundle because of below error:
XMLHttpRequest cannot load http://localhost:8080/mpl/.rest/mplWebsite/myphx/home. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 403.*
I've tried also and getting the same issue. Please find in ticket comment a temporarily filter, please fix it for configurable and production grade.
- is depended upon by
-
MGNLREST-258 Provide default CORS configuration
- Closed
- is duplicated by
-
MGNLREST-81 CORS preflight requests are throwing DefaultOptionsMethodException: No resource method found for options
- Closed
- is superseded by
-
MAGNOLIA-7215 CORS & OPTIONS Pre-flight support
- Closed
- relates to
-
MAGNOLIA-7215 CORS & OPTIONS Pre-flight support
- Closed
- mentioned in
-
Page Loading...