Uploaded image for project: 'AeroGear'
  1. AeroGear
  2. AEROGEAR-1243

CORS requests are blocked by Auth in controller demo

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Blocker
    • 1.3.0
    • 1.0.0
    • controller , examples
    • None

    Description

      This is a blocker for JS basic and digest auth.

      From IRC discussion

      [10:38:16] <+kborchers> abstractj: ok, i'm not sure where the fix needs to happen but i need to be able to tell that filter to not happen on OPTIONS requests … is that possible?
      [10:39:06] <+kborchers> abstractj: this might help illustrate the issue ...
      [10:39:37] <+kborchers> if you go to http://kborchers.github.io/aerogear-js-integration/unit/basicDigest/basicDigest.html and inspect the network traffic, you'll see that my GET request is preflighted with an OPTIONS request (standard CORS stuff)
      [10:39:57] <+kborchers> that OPTIONS request is then responded to with a 401
      [10:40:06] <+kborchers> that should not happen
      [10:40:17] <+kborchers> i should not get a 401 until the actual GET is sent

      Attachments

        Issue Links

          blocks

          Feature Request - Feature requests from customers and/or users AEROGEAR-4505 Add HTTP basic authentication support on AeroGear.js

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Feature Request - Feature requests from customers and/or users AEROGEAR-4549 Add HTTP digest authentication support on AeroGear.js

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is blocked by

          Feature Request - Feature requests from customers and/or users PLINK-176 HTTP digest authentication returning 401 with valid users

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Bug - A problem that impairs or prevents the functions of the product. PLINK-183 Digest authentication can be bypassed

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved
          relates to

          Bug - A problem that impairs or prevents the functions of the product. PLINK-157 CORS preflight request should not be blocked by Basic or Digest auth

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              boliveir_managed_kafka_security (inactive user) Bruno Oliveira Silva (Inactive)
              kborchers Kris Borchers (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: