Bug 1243448

Summary: Allow cross-domain talk (CORS) from JSON-RPC
Product: [Community] Bugzilla Reporter: Adam Kovari <akovari>
Component: WebServiceAssignee: PnT DevOps Devs <hss-ied-bugs>
Status: CLOSED CANTFIX QA Contact: tools-bugs <tools-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.4CC: dfisher, jmcdonal, mtahir, nobody, qgong
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-25 04:40:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Adam Kovari 2015-07-15 13:14:34 UTC 
Description of problem:
We(Portal Case Management) team has a requirement to allow linking bugzillas to support cases via the customer portal. Since the bugzilla cookie is only allowed for bugzilla.redhat.com, the customer portal has no access to this cookie and every JSON-RPC call to bugzilla is therefore unauthorized.

Further details are in this Jira: https://projects.engineering.redhat.com/browse/UNIFIED-696
Comment 1 Jeff Fearn 🐞 2015-08-18 03:17:22 UTC 
Will this be taken care of by Bug 1238761
Comment 2 Adam Kovari 2015-08-18 09:04:10 UTC 
No, we need to be able to make CORS requests only by using the cookie of already logged in user to bugzilla. This is unrelated to BZ 1238761.
Comment 3 Jason McDonald 2015-08-19 06:16:10 UTC 
The upcoming Bugzilla 5.0 no longer supports cookie-based authentication in the API.  We expect to begin preparations for upgrading to 5.0 shortly after the current Bugzilla hardware upgrade project is completed.

Another solution is going to be needed.
Comment 5 Jason McDonald 2015-09-25 04:40:41 UTC 
As stated above, cookies won't be supports for RPC in Bugzilla 5.0, so this issue cannot be addressed in the requested manner.