[MAGNOLIA-8180] CLONE - CORS headers not added for unauthorized (401) requests Created: 08/Sep/21  Updated: 23/Oct/23  Resolved: 17/Sep/21

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: 6.2.6
Fix Version/s: 6.2.12

Type: Bug Priority: Neutral
Reporter: Mikaël Geljić Assignee: Jaroslav Simak
Resolution: Fixed Votes: 0
Labels: VN-Analysis, VN-Testing
Remaining Estimate: 0d
Time Spent: 3h
Original Estimate: Not Specified

Issue Links:
Cloners
clones MAGNOLIA-7969 CORS headers not added for unauthoriz... Closed
is cloned by MGNLSITE-107 CLONE - CORS headers not added for un... Closed
Relates
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[X]* Steps to reproduce, expected, and actual results filled
[X]* Affected version filled
Release notes required:
Yes
Date of First Response:
Epic Link: Headless Phase 2
Sprint: HL & LD 37, HL & LD 38
Story Points: 1

 Description   

Unauthorized requests may misleadingly return CORS error instead of their expected HTTP status. See MGNLREST-275 for details/steps to reproduce.

CORS filter should be before uriSecurity;
MAGNOLIA-7969 fixed this in 6.2.6 for upgrades, however the reordering was omitted for fresh installs.

Workaround

Move cors filter before uriSecurity

Development notes

See https://wiki.magnolia-cms.com/display/ARCHI/2021-01-06+Placement+of+CORS+filter


Generated at Mon Feb 12 04:30:21 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.