Uploaded image for project: 'Magnolia Site Module'
  1. Magnolia Site Module
  2. MGNLSITE-107

CLONE - CORS headers not added for unauthorized (401) requests

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Neutral Neutral
    • 1.4.2
    • None
    • None
    • None

      Unauthorized requests may misleadingly return CORS error instead of their expected HTTP status. See MGNLREST-275 for details/steps to reproduce.

      CORS filter should be before uriSecurity;
      MAGNOLIA-7969 fixed this in 6.2.6 for upgrades, however the reordering was omitted for fresh installs.

      Workaround

      Move cors filter before uriSecurity

      Development notes

      See https://wiki.magnolia-cms.com/display/ARCHI/2021-01-06+Placement+of+CORS+filter

        Acceptance criteria

              jsimak Jaroslav Simak
              mgeljic Mikaël Geljić
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Bug DoR
                  Task DoD