[MGNLREST-258] Provide default CORS configuration Created: 25/Jun/20  Updated: 23/Oct/23  Resolved: 09/Nov/20

Status: Closed
Project: Magnolia REST Framework
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major
Reporter: Christopher Zimmermann Assignee: Unassigned
Resolution: Obsolete Votes: 1
Labels: freetrials
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File config.server.filters.addCORSHeaders.yaml     PNG File cors-config.png    
Issue Links:
Relates
relates to MGNLDEMO-272 Use official AddHeadersFilter instead... Closed
dependency
depends upon MGNLREST-193 Need configurable preflight OPTIONS f... Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:
Epic Link: Headless Phase 2

 Description   

It is currently a finicky and error-prone step to enable a basic CORS configuration such that a developer can access Magnolia REST endpoints. It can be done with a Java install task, but this is not available in Light Development. Even with the 'content-importer' no ordering of nodes is possible.
The reason it is tricky because it is a filter configuration which must be put into a specfic location in the chain (as specified in documentation).

To solve this we could provide a default CORS configuration in the filter chain, positioned in the correct location in the chain. The filter has 'enabled: false' set so that a developer still has to enable it for it to take effect and allow cross origin access.

I would propose the same configuration that is used for the travel demo. See attached YAML bootstrap file.

The configuration should not be applied if an 'addCORSFilter' named node is already in place.

With this, then a developer only needs to enable the filter, this could be done either manually or with a bootstrap file. In the future possibly a YAML decorator can also be used.

This is increasingly relevant as more customers use Magnolia in a headless fashion.



 Comments   
Comment by Christopher Zimmermann [ 03/Sep/20 ]

This will probably be rendered obsolete by: MGNLREST-193 which implements the above mentioned MEP.
Because it would allow CORS to be configured on the Site definition - this would mean that it can be configured via YAML decoration easily.

Generated at Mon Feb 12 06:58:08 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.