jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tobias Bocanegra (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCR-3727) enable CORS preflight requests on AbstractWebdavServlet
Date Mon, 17 Feb 2014 05:53:20 GMT

    [ https://issues.apache.org/jira/browse/JCR-3727?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13902983#comment-13902983
] 

Tobias Bocanegra commented on JCR-3727:
---------------------------------------

Thanks for the patch - however, this basically disables any CORS security and allows CORS
from any client. we should at least make the allowed origins configurable. also a bit more
explanation in what scenarios you need this would be good. usually you can solve CORS problems
with jsonp.

> enable CORS preflight requests on AbstractWebdavServlet
> -------------------------------------------------------
>
>                 Key: JCR-3727
>                 URL: https://issues.apache.org/jira/browse/JCR-3727
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-webdav
>    Affects Versions: 2.4.5, 2.6.5, 2.7.5
>            Reporter: Oliver Lietz
>              Labels: CORS
>         Attachments: JCR-3727-2.4.diff
>
>
> see http://www.w3.org/TR/cors/



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message