Bug 1202583 - support CORS "pre-flighted requests" and requests with credentials
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Beaker
Classification: Retired
Component: web UI
Version: 19
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: high
Target Milestone: ---
Assignee: beaker-dev-list
QA Contact: tools-bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-03-16 23:40 UTC by Dan Callaghan
Modified: 2020-06-02 11:53 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-06-02 11:49:27 UTC


Description Dan Callaghan 2015-03-16 23:40:24 UTC
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

From my quick reading of the spec it seems like we will need to add:
* a whitelist (in the db or server.cfg) of trusted domains which are allowed to make cross-domain requests
* code for handling OPTIONS requests (Flask may already provide this?)
* code for setting Access-Control-Allow-Origin and Access-Control-Allow-Credentials headers based on the whitelisted domains

We may also want to set Access-Control-Allow-Origin: * for GET requests, to allow "simple" CORS requests for fetching anonymous data. However the admin can also just set this in their Apache config if desired.
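
The three pieces listed in the description above (an allowlist of trusted origins, handling of OPTIONS preflights, and Access-Control-Allow-Origin / Access-Control-Allow-Credentials headers chosen per origin) can be written as WSGI middleware using only the standard library. This is an added example, not Beaker code; the origin value, the method and header lists, and the function names are assumptions.

```python
# Added illustration: names and values below are assumptions, not Beaker code.
TRUSTED_ORIGINS = frozenset({"https://dashboard.example.com"})  # constructed
ALLOWED_METHODS = ("GET", "POST", "PUT", "PATCH", "DELETE")
ALLOWED_HEADERS = ("content-type",)


def cors_headers(method, origin, req_method=None, req_headers=""):
    """Return (is_preflight, extra_headers) for one request.

    origin is the Origin header (or None); req_method and req_headers are the
    Access-Control-Request-Method / -Headers values a preflight carries.
    """
    headers = [("Vary", "Origin")]  # the response now depends on Origin
    is_preflight = (method == "OPTIONS" and origin is not None
                    and req_method is not None)
    if origin not in TRUSTED_ORIGINS:
        # Unlisted or absent origin: anonymous "simple" reads only, no credentials.
        if method == "GET":
            headers.append(("Access-Control-Allow-Origin", "*"))
        return is_preflight, headers
    if is_preflight:
        wanted = [h.strip().lower() for h in req_headers.split(",") if h.strip()]
        if req_method not in ALLOWED_METHODS or set(wanted) - set(ALLOWED_HEADERS):
            return True, headers  # no Allow-* headers: the browser blocks the request
        headers.append(("Access-Control-Allow-Methods", ", ".join(ALLOWED_METHODS)))
        headers.append(("Access-Control-Allow-Headers", ", ".join(ALLOWED_HEADERS)))
    # Echo the exact origin; browsers reject "*" on credentialed requests.
    headers.append(("Access-Control-Allow-Origin", origin))
    headers.append(("Access-Control-Allow-Credentials", "true"))
    return is_preflight, headers


def cors_middleware(app):
    """WSGI wrapper: answers preflights itself, decorates all other responses."""
    def wrapped(environ, start_response):
        is_preflight, extra = cors_headers(
            environ["REQUEST_METHOD"], environ.get("HTTP_ORIGIN"),
            environ.get("HTTP_ACCESS_CONTROL_REQUEST_METHOD"),
            environ.get("HTTP_ACCESS_CONTROL_REQUEST_HEADERS", ""))
        if is_preflight:
            start_response("204 No Content", extra)
            return [b""]

        def patched(status, response_headers, exc_info=None):
            return start_response(status, list(response_headers) + extra, exc_info)
        return app(environ, patched)
    return wrapped
```

The origin comparison is an exact string match against the allowlist, so `null`, subdomains and scheme or port variants of a trusted origin are all treated as untrusted.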

Comment 1 Dan Callaghan 2015-03-16 23:41:00 UTC
http://flask-cors.readthedocs.org/en/latest/ may be of some help.

Comment 4 Nilesh Patil 2015-04-29 07:16:14 UTC
Hey Dan, 
 
This has been taken care of and we could go ahead and close this bugzilla. I am not sure if you kept it open purposely.

Comment 5 Dan Callaghan 2015-04-29 07:19:44 UTC
We already enabled Access-Control-Allow-Origin: * a while back, for "simple" CORS requests which are read-only. This RFE is about adding application-level support for CORS requests with POST and other requests beyond the "simple" CORS restrictions.

If you don't need anything beyond "simple" CORS requests that's good to know, we will drop the priority of this.

Comment 6 Martin Styk 2020-06-02 11:49:27 UTC
Hello,

Thank you for opening an issue in the Beaker project.
This issue was marked with component "web ui".
As we are not planning to address any further issues in the current UI, due to the technical stack and not being able to work with a Python 3 codebase, I'm closing this issue as WONTFIX.
The new UI will be reimplemented within new versions of Beaker.

If you have any questions, feel free to reach out to me.

Best regards,
Martin <martin.styk@redhat.com>

