[CMS-13152] Configure SaaS setup to by default not allow credentials for Page Model API requests - Issues

XML

Word

Printable

Details

Type: Task
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Story Points:
0.25
Processed by team:
Quasar
Sprint:
Puma Sprint 232, Puma Sprint 233, Puma Sprint 234

Description

For version 14.x, a lot of customers use the url rewriter or some proxy to support an SPA. However, in case of the 'token based authorization', we do not need a proxy, and it should not even be needed to send credentials with a request from the SPA to BrX.

Therefor in the SaaS version, since we there do not use the proxy solution ever but only the token based access, we should not by default support credentials for CORS requests.

We should however keep the option to support it (later) : Depending on how the commerce (or other) integration(s) will be, it might be that we need by default the 'allow credentials' again for CORS requests

Attachments

Issue Links

relates to

CMS-13154 Page Model API does not allow credentials for requests other than OPTIONS

Closed

HSTTWO-4703 Improve Cross-Origin Resource Sharing (CORS) HST support through preflight (OPTIONS) requests

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Ard Schrijvers

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Mar/20 10:30 AM

Updated:: 07/May/20 11:46 AM

Resolved:: 07/May/20 11:46 AM