Uploaded image for project: 'Okapi'
  1. Okapi
  2. OKAPI-847

Conditionally defer CORS handling to module when invoked via passthrough API

    XMLWordPrintable

    Details

    • Template:
    • Sprint:
      CP: sprint 89, CP: sprint 90
    • Story Points:
      3
    • Development Team:
      Core: Platform

      Description

      Overview

      The /_/invoke/tenant/<tenantId>/<path> is essentially a passthrough proxy to the target module. In order to allow mod-login-saml to set cookies - as part of CSRF prevention, we would like that module to perform it's own CORS handling. It's currently invoked via the aforementioned passthrough proxy API.

      See https://wiki.folio.org/display/DD/SAML+CSRF+Prevention for details.

      Acceptance Criteria

      • The module descriptor allows you to optionally specify whether or not to delegate CORS handling to the target module when invoked via /_/invoke/tenant/<tenantId>/<path>
      • CORS handling is conditionally handled in OKAPI based on the target module's descriptor (only when invoked via /_/invoke/tenant/<tenantId>/<path>)
      • OKAPI guide is updated with details

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                hji Hongwei Ji
                Reporter:
                cmcnally Craig McNally
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    TestRail: Runs

                      TestRail: Cases