[MAGNOLIA-7215] CORS & OPTIONS Pre-flight support Created: 05/Dec/17 Updated: 23/Oct/23 Resolved: 03/Nov/20 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.2.4 |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Roman Kovařík | Assignee: | Jaroslav Simak |
| Resolution: | Fixed | Votes: | 2 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Template: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Release notes required: |
Yes
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Documentation update required: |
Yes
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Epic Link: | Headless Phase 2 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Sprint: | HL & LD 14, HL & LD 15 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Story Points: | 13 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description |
|
Implement full support for the CORS (including OPTIONS Pre-flight) according to the [MEP|https://git.magnolia-cms.com/projects/INTERNAL/repos/mep/pull-requests/13/overview.] |
| Comments |
| Comment by Christopher Zimmermann [ 19/Feb/18 ] |
|
What are the implications of this? |
| Comment by Siegried Zach [ 02/May/18 ] |
|
We came to one situation where the OPTIONS call is needed: If you program a RSS Feed inside Magnolia and want to import the feed URL to Microsoft Outlook, this is failing. Outlook performs (don't know the exact reason) an OPTIONS call on the feed URL which is failing as Magnolia requests a login for the OPTIONS call. |
| Comment by Viet Nguyen [ 06/Jul/18 ] |
|
I had the same issue when developing a new Angular 6 prototype which calling PUT method on REST API. public class HttpOptionsFilter extends AbstractMgnlFilter { @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { if ("OPTIONS".equals(request.getMethod())) { String reqOrigin = request.getHeader("Origin"); response.addHeader("Access-Control-Allow-Origin", reqOrigin); response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD"); response.addHeader("Access-Control-Allow-Headers", "X-Custom-Header, X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Authorization, session-variable"); response.addHeader("Access-Control-Allow-Credentials", "true"); response.setStatus(200); // do not go any further chain.doFilter(request, response); } else { chain.doFilter(request, response); } } } |