Removed OPTION omission for CORS#189
Open
Meetesh Barua (maverick64) wants to merge 1 commit intoconfluentinc:masterfrom
Open
Removed OPTION omission for CORS#189Meetesh Barua (maverick64) wants to merge 1 commit intoconfluentinc:masterfrom
Meetesh Barua (maverick64) wants to merge 1 commit intoconfluentinc:masterfrom
Conversation
|
Confluent Inc. (@confluentinc) It looks like Meetesh Barua (@maverick64) just signed our Contributor License Agreement. 👍 Always at your service, clabot |
Meetesh Barua (maverick64)
requested review from
Brian Bushree (brianbushree),
Jeff Huang (jeffhuang26) and
Robert Yokota (rayokota)
Jeff Huang (jeffhuang26)
approved these changes
Jul 9, 2020
Xavier Léauté (xvrl)
requested changes
Aug 12, 2020
Member
Xavier Léauté (xvrl)
left a comment
Xavier Léauté (xvrl)
left a comment
There was a problem hiding this comment.
this will likely break browser CORS preflight requests, which require OPTIONS methods to not authenticate.
Contributor
Author
Added this flag through which we can disable preflight option check for the servers. The components can just add this flag to true and it will behave as before. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This had to be done for https://confluentinc.atlassian.net/browse/ESCALATION-3168.
When Customer has RBAC/CORS enabled together, anonymous requests run into issue because of jetty/OAuthBearerAuthenticator.
We came to conclusion to get it fixed in rest-utils.
This change will require all HTTP methods (including OPTION) to require authentication if it was enabled.