Uploaded image for project: 'mod-login-saml'
  1. mod-login-saml
  2. MODLOGSAML-103

CORS Access-Control-Allow-Credentials for /saml/login and /saml/callback

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: TBD
    • Resolution: Unresolved
    • Affects Version/s: 2.2.0
    • Fix Version/s: None
    • Labels:
      None
    • Template:
      Standard Bug Write-Up Format
    • Sprint:
      CP: R1 2022 roadmap
    • Story Points:
      2
    • Development Team:
      Core: Platform

      Description

      Integration test FAT-169

      https://github.com/folio-org/folio-integration-tests/pull/206

      revealed that an OPTIONS request to the /saml/login and /saml/callback API doesn't return the Access-Control-Allow-Credentials: true CORS header as intended when mod-login-saml runs behind Okapi.

       

        TestRail: Results

          Attachments

            Issue Links

            blocks

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. FAT-925 CORS Access-Control-Allow-Credentials for /saml/login and /saml/callback

            • TBD - To be determined
            • Blocked
            relates to

            Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MODLOGSAML-63 Implement CSRF Prevention

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

              Activity

                People

                Assignee:
                Unassigned Unassigned
                Reporter:
                julianladisch Julian Ladisch
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:

                    TestRail: Runs

                      TestRail: Cases