Uploaded image for project: 'Hippo CMS'
  1. Hippo CMS
  2. CMS-13154

Page Model API does not allow credentials for requests other than OPTIONS

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Available for testing
    • 14.1.0, 14.2.0
    • 14.1.1, 14.2.0, 100.2.0
    • None
    • None

    Description

      The Page Model API returns `Access-Control-Allow-Credentials: true` for OPTIONS requests, but it ignores others.

      Reproduction Path:
      Access the PMA from the same domain using UrlRewriter setup.

      Actual:
      PMA does not return `Access-Control-Allow-Credentials: true` header in response for GET or POST requests.

      Expected:
      PMA returns `Access-Control-Allow-Credentials: true` for GET and POST requests.

      Attachments

        Issue Links

          is a result of

          New Feature - A new feature of the product, which has yet to be developed. HSTTWO-4703 Improve Cross-Origin Resource Sharing (CORS) HST support through preflight (OPTIONS) requests

          • Top - Should be worked on at this time and be top on the list, required for next intermediate release
          • Closed
          relates to

          Task - A task that needs to be done. CMS-13152 Configure SaaS setup to by default not allow credentials for Page Model API requests

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              ntrajkovski Nikola Trajkovski
              mdokolin Mikhail Dokolin (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: