[PAGES-483] SPA cannot reach template endpoints by default Created: 28/Jul/21  Updated: 23/Oct/23  Resolved: 02/Aug/21

Status: Closed
Project: Magnolia pages module
Component/s: SPA Renderer
Affects Version/s: None
Fix Version/s: 6.2.11

Type: Bug Priority: Neutral
Reporter: Mikaël Geljić Assignee: Mikaël Geljić
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones MGNLREST-275 Rest returning CORS error when should... Closed
Relates
relates to PAGES-471 Template annotation endpoint shouldn'... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[X]* Steps to reproduce, expected, and actual results filled
[X]* Affected version filled
Release notes required:
Yes
Epic Link: Headless Phase 2
Sprint: HL & LD 34
Story Points: 2

 Description   

As observed initially on MGNLREST-275, SPA developers still need to allow URI access manually, for the SPA to reach template-annotations or template-definitions endpoints.

  • URI security is the one bailing out, not delivery—400s/500s emitted by REST endpoints should get proper CORS response headers anyway.
  • pages-spa-rendering module should grant GET access to template-definitions endpoint for rest-anonymous by default.


 Comments   
Comment by Mikaël Geljić [ 26/Aug/21 ]

SPA editor libraries now communicate with Magnolia without manual role setup: the SPA rendering module grants the rest-anonymous role GET access to its template-annotations and template-definitions endpoints.
Browsers would previously report CORS issues or unauthorized access.

Generated at Mon Feb 12 06:19:23 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.