[MGNLREST-147] Rest tools are limited to run only from one configured domain Created: 09/Nov/17  Updated: 25/Mar/22

Status: Open
Project: Magnolia REST Framework
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Milan Divilek Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
relation
is related to MGNLREST-52 Default apiBasepath should include de... Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:

 Description   

Problem is that swagger is limited to run only from one configured domain(apiBasepath) and we are not support any kind of authentication(https://swagger.io/docs/specification/authentication/).

Example:
https://demo.magnolia-cms.com
https://demoauthor.magnolia-cms.com
Rest tool apiBasepath is configured to = https://demo.magnolia-cms.com/.rest

Then Rest Tools app works correctly if visited via https://demo.magnolia-cms.com, credentials of logged user are used(JSESSION).

If visited from https://demoauthor.magnolia-cms.com then "Can't read from server. It may not have the appropriate access-control-origin settings." occurs. We can use link CORS filter module to allow cross-origin resource sharing, but this doesn't help because we are accessing rest from different domain so all request are done by anonymous user



 Comments   
Comment by Christopher Zimmermann [ 13/Nov/17 ]

Would it be possible to change REST tools to not require a configured Apibasepath at all - could it figure out the URL itself as it is always CONTEXT /.rest? (cc lfischer)
Also see suggestion here: https://jira.magnolia-cms.com/browse/MGNLREST-52

Generated at Mon Feb 12 06:57:04 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.