[MGNLREST-275] Rest returning CORS error when should return 404 or 500 or not authorized. Created: 23/Sep/20 Updated: 23/Oct/23 Resolved: 12/Jan/21 |
|
| Status: | Closed |
| Project: | Magnolia REST Framework |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major |
| Reporter: | Bartosz Staryga | Assignee: | Jaroslav Simak |
| Resolution: | Obsolete | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||||||||||||||||||||||||||
| Issue Links: |
|
||||||||||||||||||||||||||||||||
| Template: |
|
||||||||||||||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||||||||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||||||||||||||||||
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
||||||||||||||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||||||||||||||
| Epic Link: | Headless Phase 2 | ||||||||||||||||||||||||||||||||
| Sprint: | HL & LD 17, HL & LD 18, HL & LD 19, HL & LD 20 | ||||||||||||||||||||||||||||||||
| Story Points: | 3 | ||||||||||||||||||||||||||||||||
| Description |
| Comments |
| Comment by Bartosz Staryga [ 04/Dec/20 ] |
|
jsimak to reproduce it in 6.2.5 So issues is still there |
| Comment by Jaroslav Simak [ 04/Dec/20 ] |
|
Workaround:
Because user is not authorized by the uriSecurity, the request won't continue down the chain to process the CORS headers. |
| Comment by Mikaël Geljić [ 10/Dec/20 ] |
|
We should rephrase/repurpose the ticket first:
Then about CORS filter placement:
iirc, preflight requests are not supposed to be behind authorization, so that would also speak for moving the CORS filter.
The cache concern should be secondary, should preflight requests be cached at all? |
| Comment by Jaroslav Simak [ 11/Dec/20 ] |
|
My two cents:
My final say is that we move CORS filter up in the filter chain. |
| Comment by Bartosz Staryga [ 07/Sep/21 ] |
|
jsimakmdrapela in which Magnolia version this should be already reflected in Configuration app? Should I move CORS filter manually always? |