[MGNLSITE-107] CLONE - CORS headers not added for unauthorized (401) requests Created: 09/Sep/21  Updated: 23/Oct/23  Resolved: 17/Sep/21

Status: Closed
Project: Magnolia Site Module
Component/s: None
Affects Version/s: None
Fix Version/s: 1.4.2

Type: Bug Priority: Neutral
Reporter: Mikaël Geljić Assignee: Jaroslav Simak
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones MAGNOLIA-8180 CLONE - CORS headers not added for un... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[X]* Steps to reproduce, expected, and actual results filled
[X]* Affected version filled
Epic Link: Headless Phase 2
Sprint: HL & LD 37, HL & LD 38
Story Points: 1

 Description   

Unauthorized requests may misleadingly return CORS error instead of their expected HTTP status. See MGNLREST-275 for details/steps to reproduce.

CORS filter should be before uriSecurity;
MAGNOLIA-7969 fixed this in 6.2.6 for upgrades, however the reordering was omitted for fresh installs.

Workaround

Move cors filter before uriSecurity

Development notes

See https://wiki.magnolia-cms.com/display/ARCHI/2021-01-06+Placement+of+CORS+filter


Generated at Mon Feb 12 07:12:48 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.