Bug 967908
Summary: | WebDAV is accessible cross-domain | ||
---|---|---|---|
Product: | [Community] PressGang CCMS | Reporter: | Trevor Jay <tjay> |
Component: | Web-UI | Assignee: | pressgang-ccms-dev |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 1.1 | CC: | lnewson |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-07-01 04:15:49 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Trevor Jay
2013-05-28 14:36:34 UTC
Fixed in 1.0-SNAPSHOT build 20130529-1332. I've fixed the MessageBodyWriterInterceptor to only work on normal REST endpoints. That way the Access-Control-Allow-Origin header will not be present anymore for all webdav requests, as it shouldn't have ever been there anyways. Example output (from skynet-dev): HTTP/1.1 207 Multi-Status Date: Wed, 29 May 2013 07:23:32 GMT Server: Apache-Coyote/1.1 Content-Type: text/xml Connection: close Transfer-Encoding: chunked 23b <?xml version="1.0" encoding="UTF-8" standalone="yes"?><D:multistatus xmlns:D="DAV:"><D:response><D:href>http://skynet-dev.usersys.redhat.com:8080/pressgang-ccms/webdav/</D:href><D:propstat><D:prop><D:resourcetype><D:collection/></D:resourcetype></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response><D:response><D:href>http://skynet-dev.usersys.redhat.com:8080/pressgang-ccms/webdav/TOPICS</D:href><D:propstat><D:prop><D:resourcetype><D:collection/></D:resourcetype></D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response></D:multistatus> 0 Looks good on my end when hitting skynet-dev. I would have verified sooner, but didn't expect you to take care of it this fast! Thanks for the speedy work. |